{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T08:12:04Z","timestamp":1775808724960,"version":"3.50.1"},"reference-count":27,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,12,20]],"date-time":"2025-12-20T00:00:00Z","timestamp":1766188800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,12,20]],"date-time":"2025-12-20T00:00:00Z","timestamp":1766188800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Software Qual J"],"published-print":{"date-parts":[[2026,3]]},"DOI":"10.1007\/s11219-025-09733-4","type":"journal-article","created":{"date-parts":[[2025,12,20]],"date-time":"2025-12-20T10:50:34Z","timestamp":1766227834000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Towards combining chain-of-thought and code static analysis for buffer overflow vulnerability detection"],"prefix":"10.1007","volume":"34","author":[{"given":"Yuan","family":"Huang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yinan","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiahong","family":"Cai","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Junlong","family":"Wu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiangping","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pengfei","family":"Shen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lei","family":"Yun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,12,20]]},"reference":[{"key":"9733_CR1","unstructured":"Checkmarx (2024). Checkmarx - Application Security Testing Solutions. https:\/\/checkmarx.com. Accessed: 2024-08-12"},{"key":"9733_CR2","doi-asserted-by":"publisher","unstructured":"Cheng, X., Wang, H., Hua, J., Xu, G., Sui, Y. (2021). Deepwukong: Statically detecting software vulnerabilities using deep graph neural network. ACM Transactions on Software Engineering and Methodology. 30(3). https:\/\/doi.org\/10.1145\/3436877","DOI":"10.1145\/3436877"},{"key":"9733_CR3","unstructured":"Cybersecurity and Infrastructure Security Agency (CISA) (2024). Known Exploited Vulnerabilities Catalog. Accessed: 2025-09-28. https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog"},{"key":"9733_CR4","doi-asserted-by":"publisher","unstructured":"Ding, Y., Fu, Y., Ibrahim, O., Sitawarin, C., Chen, X., Alomair, B., Wagner, D., Ray, B., Chen, Y. (2025). Vulnerability detection with code language models: How far are we? In: 2025 IEEE\/ACM 47th International Conference on Software Engineering (ICSE), pp. 1729\u20131741. https:\/\/doi.org\/10.1109\/ICSE55347.2025.00038","DOI":"10.1109\/ICSE55347.2025.00038"},{"key":"9733_CR5","unstructured":"Dive, C. (2023) Fbi, cisa warn of continued exploitation of buffer overflow vulnerabilities. Accessed: 2025-09-28"},{"issue":"11","key":"9733_CR6","doi-asserted-by":"publisher","first-page":"2575","DOI":"10.1109\/TSE.2019.2956932","volume":"47","author":"J Gao","year":"2021","unstructured":"Gao, J., Jiang, Y., Liu, Z., Yang, X., Wang, C., Jiao, X., Yang, Z., & Sun, J. (2021). Semantic learning and emulation based cross-platform binary vulnerability seeker. IEEE Transactions on Software Engineering, 47(11), 2575\u20132589. https:\/\/doi.org\/10.1109\/TSE.2019.2956932","journal-title":"IEEE Transactions on Software Engineering"},{"key":"9733_CR7","doi-asserted-by":"crossref","unstructured":"Guo, J., Cheng, J., Cleland-Huang, J.: Semantically enhanced software traceability using deep learning techniques. In: 2017 IEEE\/ACM 39th International Conference on Software Engineering (ICSE), pp. 3\u201314 (2017). 10.1109\/ICSE.2017.9","DOI":"10.1109\/ICSE.2017.9"},{"key":"9733_CR8","doi-asserted-by":"publisher","unstructured":"Hin, D., Kan, A., Chen, H., Babar, M.A. (2022). Linevd: Statement-level vulnerability detection using graph neural networks. In: 2022 IEEE\/ACM 19th International Conference on Mining Software Repositories (MSR), pp. 596\u2013607. https:\/\/doi.org\/10.1145\/3524842.3527949","DOI":"10.1145\/3524842.3527949"},{"key":"9733_CR9","unstructured":"Joern (2024). https:\/\/joern.io. Accessed: 2024-10-26"},{"key":"9733_CR10","doi-asserted-by":"publisher","unstructured":"Li, Y., Wang, S., Nguyen, T.N. (2021). Vulnerability detection with fine-grained interpretations. In: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ESEC\/FSE 2021, pp. 292\u2013303. Association for Computing Machinery, New York, NY, USA. https:\/\/doi.org\/10.1145\/3468264.3468597","DOI":"10.1145\/3468264.3468597"},{"key":"9733_CR11","doi-asserted-by":"crossref","unstructured":"Li, Z., Zou, D., Xu, S., Ou, X., Jin, H., Wang, S., Deng, Z., Zhong, Y. (2018). Vuldeepecker: A deep learning-based system for vulnerability detection.","DOI":"10.14722\/ndss.2018.23158"},{"issue":"4","key":"9733_CR12","doi-asserted-by":"publisher","first-page":"2821","DOI":"10.1109\/TDSC.2021.3076142","volume":"19","author":"Z Li","year":"2022","unstructured":"Li, Z., Zou, D., Xu, S., Chen, Z., Zhu, Y., & Jin, H. (2022). Vuldeelocator: A deep learning-based fine-grained vulnerability detector. IEEE Transactions on Dependable and Secure Computing, 19(4), 2821\u20132837. https:\/\/doi.org\/10.1109\/TDSC.2021.3076142","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"issue":"4","key":"9733_CR13","doi-asserted-by":"publisher","first-page":"2244","DOI":"10.1109\/TDSC.2021.3051525","volume":"19","author":"Z Li","year":"2022","unstructured":"Li, Z., Zou, D., Xu, S., Jin, H., Zhu, Y., & Chen, Z. (2022). Sysevr: A framework for using deep learning to detect software vulnerabilities. IEEE Transactions on Dependable and Secure Computing, 19(4), 2244\u20132258. https:\/\/doi.org\/10.1109\/TDSC.2021.3051525","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"9733_CR14","unstructured":"MITRE Corporation (2023). 2023 Known Exploited Vulnerabilities (KEV) Insights Report. Accessed: 2025-09-28. https:\/\/we.mitre.org\/top25\/archive\/2023\/2023kev_insights.html"},{"key":"9733_CR15","unstructured":"MITRE Corporation (2024). 2024 CWE Top 25 Most Dangerous Software Weaknesses. Accessed: 2025-09-28. https:\/\/cwe.mitre.org\/top25\/archive\/2024\/2024_cwe_top25.html"},{"key":"9733_CR16","doi-asserted-by":"publisher","unstructured":"Peng, Y., Wang, C., Wang, W., Gao, C., Lyu, M.R. (2023). Generative type inference for python. In: 2023 38th IEEE\/ACM International Conference on Automated Software Engineering (ASE), pp. 988\u2013999. https:\/\/doi.org\/10.1109\/ASE56229.2023.00031","DOI":"10.1109\/ASE56229.2023.00031"},{"issue":"1","key":"9733_CR17","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1109\/TSE.2022.3144348","volume":"49","author":"C Pornprasit","year":"2023","unstructured":"Pornprasit, C., & Tantithamthavorn, C. K. (2023). Deeplinedp: Towards a deep learning approach for line-level defect prediction. IEEE Transactions on Software Engineering, 49(1), 84\u201398. https:\/\/doi.org\/10.1109\/TSE.2022.3144348","journal-title":"IEEE Transactions on Software Engineering"},{"key":"9733_CR18","doi-asserted-by":"publisher","unstructured":"Steenhoek, B., Rahman, M.M., Jiles, R., Le, W. (2023). An empirical study of deep learning models for vulnerability detection. In: 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE), pp. 2237\u20132248. https:\/\/doi.org\/10.1109\/ICSE48619.2023.00188","DOI":"10.1109\/ICSE48619.2023.00188"},{"key":"9733_CR19","unstructured":"Vaswani, A., Shazeer, N., Parmar, N., Uszkoreit, J., Jones, L., Gomez, A.N., Kaiser, L., Polosukhin, I. (2017). Attention is all you need. In: Proceedings of the 31st International Conference on Neural Information Processing Systems. NIPS\u201917, pp. 6000\u20136010. Curran Associates Inc., Red Hook, NY, USA"},{"key":"9733_CR20","doi-asserted-by":"publisher","unstructured":"Wang, C., Yang, Y., Gao, C., Peng, Y., Zhang, H., Lyu, M.R. (2022). No more fine-tuning? an experimental evaluation of prompt tuning in code intelligence. In: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ESEC\/FSE 2022, pp. 382\u2013394. Association for Computing Machinery, New York, NY, USA. https:\/\/doi.org\/10.1145\/3540250.3549113","DOI":"10.1145\/3540250.3549113"},{"issue":"11","key":"9733_CR21","doi-asserted-by":"publisher","first-page":"4869","DOI":"10.1109\/TSE.2023.3313881","volume":"49","author":"C Wang","year":"2023","unstructured":"Wang, C., Yang, Y., Gao, C., Peng, Y., Zhang, H., & Lyu, M. R. (2023). Prompt tuning in code intelligence: An experimental evaluation. IEEE Transactions on Software Engineering, 49(11), 4869\u20134885. https:\/\/doi.org\/10.1109\/TSE.2023.3313881","journal-title":"IEEE Transactions on Software Engineering"},{"key":"9733_CR22","unstructured":"Wheeler, D.A. (2024). Flawfinder. https:\/\/dwheeler.com\/flawfinder\/. Accessed: 2024-08-12"},{"key":"9733_CR23","doi-asserted-by":"publisher","unstructured":"Xu, J., Cui, Z., Zhao, Y., Zhang, X., He, S., He, P., Li, L., Kang, Y., Lin, Q., Dang, Y., Rajmohan, S., Zhang, D. (2024). Unilog: Automatic logging via llm and in-context learning. In: Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering. ICSE \u201924. Association for Computing Machinery, New York, NY, USA. https:\/\/doi.org\/10.1145\/3597503.3623326","DOI":"10.1145\/3597503.3623326"},{"key":"9733_CR24","volume-title":"GNNExplainer: generating explanations for graph neural networks","author":"R Ying","year":"2019","unstructured":"Ying, R., Bourgeois, D., You, J., Zitnik, M., & Leskovec, J. (2019). GNNExplainer: generating explanations for graph neural networks. Red Hook, NY, USA: Curran Associates Inc."},{"key":"9733_CR25","volume-title":"Devign: effective vulnerability identification by learning comprehensive program semantics via graph neural networks","author":"Y Zhou","year":"2019","unstructured":"Zhou, Y., Liu, S., Siow, J., Du, X., & Liu, Y. (2019). Devign: effective vulnerability identification by learning comprehensive program semantics via graph neural networks. Red Hook, NY, USA: Curran Associates Inc."},{"key":"9733_CR26","doi-asserted-by":"publisher","unstructured":"Zou, D., Zhu, Y., Xu, S., Li, Z., Jin, H., Ye, H. (2021) Interpreting deep learning-based vulnerability detector predictions based on heuristic searching. ACM Transactions on Software Engineering and Methodology30(2) https:\/\/doi.org\/10.1145\/3429444","DOI":"10.1145\/3429444"},{"issue":"5","key":"9733_CR27","doi-asserted-by":"publisher","first-page":"2224","DOI":"10.1109\/TDSC.2019.2942930","volume":"18","author":"D Zou","year":"2021","unstructured":"Zou, D., Wang, S., Xu, S., Li, Z., & Jin, H. (2021). uvuldeepecker: A deep learning-based system for multiclass vulnerability detection. IEEE Transactions on Dependable and Secure Computing, 18(5), 2224\u20132236. https:\/\/doi.org\/10.1109\/TDSC.2019.2942930","journal-title":"IEEE Transactions on Dependable and Secure Computing"}],"container-title":["Software Quality Journal"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11219-025-09733-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11219-025-09733-4","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11219-025-09733-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T07:38:11Z","timestamp":1775806691000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11219-025-09733-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,20]]},"references-count":27,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,3]]}},"alternative-id":["9733"],"URL":"https:\/\/doi.org\/10.1007\/s11219-025-09733-4","relation":{},"ISSN":["0963-9314","1573-1367"],"issn-type":[{"value":"0963-9314","type":"print"},{"value":"1573-1367","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,20]]},"assertion":[{"value":"9 March 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 November 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 December 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing Interests"}}],"article-number":"2"}}