{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T20:19:28Z","timestamp":1776889168240,"version":"3.51.2"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031948541","type":"print"},{"value":"9783031948558","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-94855-8_3","type":"book-chapter","created":{"date-parts":[[2025,6,13]],"date-time":"2025-06-13T05:51:21Z","timestamp":1749793881000},"page":"38-51","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Evaluating LLaMA 3.2 for\u00a0Software Vulnerability Detection"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-1038-8384","authenticated-orcid":false,"given":"Jos\u00e9","family":"Gon\u00e7alves","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0008-6630-9939","authenticated-orcid":false,"given":"Miguel","family":"Silva","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0003-1510-7126","authenticated-orcid":false,"given":"Bernardo","family":"Cabral","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1693-7872","authenticated-orcid":false,"given":"Tiago","family":"Dias","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8075-531X","authenticated-orcid":false,"given":"Eva","family":"Maia","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2519-9859","authenticated-orcid":false,"given":"Isabel","family":"Pra\u00e7a","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4215-3238","authenticated-orcid":false,"given":"Ricardo","family":"Severino","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5976-8853","authenticated-orcid":false,"given":"Lu\u00eds Lino","family":"Ferreira","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,6,14]]},"reference":[{"key":"3_CR1","doi-asserted-by":"publisher","unstructured":"Akimova, E.N., et al.: A survey on software defect prediction using deep learning. Mathematics 9(11) (2021). https:\/\/doi.org\/10.3390\/math9111180","DOI":"10.3390\/math9111180"},{"key":"3_CR2","unstructured":"Alexopoulos, N., Brack, M., Wagner, J.P., Grube, T., M\u00fchlh\u00e4user, M.: How long do vulnerabilities live in the code? A large-scale empirical measurement study on FOSS vulnerability lifetimes. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 359\u2013376. USENIX Association, Boston (2022). https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/alexopoulos"},{"key":"3_CR3","doi-asserted-by":"publisher","unstructured":"Bilgin, Z., Ersoy, M.A., Soykan, E.U., Tomur, E., \u00c7omak, P., Kara\u00e7ay, L.: Vulnerability prediction from source code using machine learning. IEEE Access 8, 150672\u2013150684 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2020.3016774","DOI":"10.1109\/ACCESS.2020.3016774"},{"key":"3_CR4","doi-asserted-by":"publisher","unstructured":"Chen, Y., Ding, Z., Alowain, L., Chen, X., Wagner, D.: DiverseVul: a new vulnerable source code dataset for deep learning based vulnerability detection. In: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses. RAID 2023. ACM (2023).https:\/\/doi.org\/10.1145\/3607199.3607242","DOI":"10.1145\/3607199.3607242"},{"key":"3_CR5","doi-asserted-by":"publisher","unstructured":"Ganney, P.S., Pisharody, S., Claridge, E.: Chapter 9 - software engineering. In: Taktak, A., Ganney, P.S., Long, D., Axell, R.G. (eds.) Clinical Engineering (Second Edition), pp. 131\u2013168. Academic Press, second edition edn. (2020). https:\/\/doi.org\/10.1016\/B978-0-08-102694-6.00009-7","DOI":"10.1016\/B978-0-08-102694-6.00009-7"},{"key":"3_CR6","doi-asserted-by":"publisher","unstructured":"Ghaffarian, S.M., Shahriari, H.R.: Software vulnerability analysis and discovery using machine-learning and data-mining techniques: a survey. ACM Comput. Surv. 50(4), 1\u201336 (2017). https:\/\/doi.org\/10.1145\/3092566","DOI":"10.1145\/3092566"},{"key":"3_CR7","doi-asserted-by":"crossref","unstructured":"Gon\u00e7alves, J., Dias, T., Maia, E., Pra\u00e7a, I.: Scope: evaluating LLMS for software vulnerability detection. In: Mehmood, R., et al. (eds.) Distributed Computing and Artificial Intelligence, Special Sessions I, 21st International Conference, pp. 34\u201343. Springer Nature Switzerland, Cham (2025)","DOI":"10.1007\/978-3-031-76459-2_4"},{"key":"3_CR8","doi-asserted-by":"publisher","unstructured":"Gon\u00e7alves, J.P., et al.: RDiverseVul: Refined diversevul (2025). https:\/\/doi.org\/10.5281\/zenodo.15051277","DOI":"10.5281\/zenodo.15051277"},{"key":"3_CR9","doi-asserted-by":"publisher","unstructured":"Jain, R., Gervasoni, N., Ndhlovu, M., Rawat, S.: A code centric evaluation of C\/C++ vulnerability datasets for deep learning based vulnerability detection techniques. In: Proceedings of the 16th Innovations in Software Engineering Conference. ISEC \u201923, Association for Computing Machinery, New York (2023). https:\/\/doi.org\/10.1145\/3578527.3578530","DOI":"10.1145\/3578527.3578530"},{"key":"3_CR10","doi-asserted-by":"publisher","unstructured":"Katsadouros, E., Patrikakis, C.: A survey on vulnerability prediction using GNNs. In: Proceedings of the 26th Pan-Hellenic Conference on Informatics. PCI 2022, ACM. https:\/\/doi.org\/10.1145\/3575879.3575964","DOI":"10.1145\/3575879.3575964"},{"key":"3_CR11","doi-asserted-by":"publisher","unstructured":"Khare, A., Dutta, S., Li, Z., Solko-Breslin, A., Alur, R., Naik, M.: Understanding the effectiveness of large language models in detecting security vulnerabilities (2023). https:\/\/doi.org\/10.48550\/ARXIV.2311.16169","DOI":"10.48550\/ARXIV.2311.16169"},{"key":"3_CR12","doi-asserted-by":"publisher","unstructured":"Kuang, H., Yang, F., Zhang, L., Tang, G., Yang, L.: Leveraging user-defined identifiers for counterfactual data generation in source code vulnerability detection. In: 2023 IEEE 23rd International Working Conference on Source Code Analysis and Manipulation (SCAM), pp. 143\u2013150 (2023). https:\/\/doi.org\/10.1109\/SCAM59687.2023.00024","DOI":"10.1109\/SCAM59687.2023.00024"},{"key":"3_CR13","unstructured":"Li, T., Zhang, G., Do, Q.D., Yue, X., Chen, W.: Long-context LLMs struggle with long in-context learning (2024). https:\/\/arxiv.org\/abs\/2404.02060"},{"key":"3_CR14","doi-asserted-by":"publisher","unstructured":"Li, Z., Zou, D., Tang, J., Zhang, Z., Sun, M., Jin, H.: A comparative study of deep learning-based vulnerability detection system. IEEE Access 7, 103184\u2013103197 (2019). https:\/\/doi.org\/10.1109\/access.2019.2930578","DOI":"10.1109\/access.2019.2930578"},{"key":"3_CR15","doi-asserted-by":"publisher","unstructured":"Li, Z., Zou, D., Xu, S., Jin, H., Zhu, Y., Chen, Z.: SySeVR: a framework for using deep learning to detect software vulnerabilities (2018). https:\/\/doi.org\/10.48550\/ARXIV.1807.06756","DOI":"10.48550\/ARXIV.1807.06756"},{"key":"3_CR16","doi-asserted-by":"publisher","unstructured":"Li, Z., et al.: VulDeePecker: a deep learning-based system for vulnerability detection (2018). https:\/\/doi.org\/10.48550\/ARXIV.1801.01681","DOI":"10.48550\/ARXIV.1801.01681"},{"key":"3_CR17","doi-asserted-by":"publisher","unstructured":"Lipp, S., Banescu, S., Pretschner, A.: An empirical study on the effectiveness of static C code analyzers for vulnerability detection. In: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis. ISSTA \u201922, ACM. https:\/\/doi.org\/10.1145\/3533767.3534380","DOI":"10.1145\/3533767.3534380"},{"key":"3_CR18","doi-asserted-by":"publisher","unstructured":"M.\u00a0Altaie, A., Gh.\u00a0Alsarraj, R., H.\u00a0Al-Bayati, A.: Verification and validation of a software: a review of the literature. Iraqi J. Comput. Inf. 46(1), 40-47 (2020). https:\/\/doi.org\/10.25195\/ijci.v46i1.249","DOI":"10.25195\/ijci.v46i1.249"},{"key":"3_CR19","doi-asserted-by":"publisher","unstructured":"Malhotra, R., Gupta, S., Singh, T.: A systematic review on application of deep learning techniques for software quality predictive modeling. In: 2020 International Conference on Computational Performance Evaluation (ComPE). IEEE. https:\/\/doi.org\/10.1109\/compe49325.2020.9200103","DOI":"10.1109\/compe49325.2020.9200103"},{"key":"3_CR20","doi-asserted-by":"publisher","unstructured":"Mamede, C., Pinconschi, E., Abreu, R.: A transformer-based ide plugin for vulnerability detection. In: Proceedings of the 37th IEEE\/ACM International Conference on Automated Software Engineering. ASE \u201922, Association for Computing Machinery, New York (2023). https:\/\/doi.org\/10.1145\/3551349.3559534","DOI":"10.1145\/3551349.3559534"},{"key":"3_CR21","doi-asserted-by":"publisher","unstructured":"Perry, N., Srivastava, M., Kumar, D., Boneh, D.: Do users write more insecure code with AI assistants? In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. CCS \u201923, ACM. https:\/\/doi.org\/10.1145\/3576915.3623157","DOI":"10.1145\/3576915.3623157"},{"key":"3_CR22","doi-asserted-by":"publisher","unstructured":"Purba, M., Ghosh, A., Radford, B.J., Chu, B.: Software vulnerability detection using large language models. In: 2023 IEEE 34th International Symposium on Software Reliability Engineering Workshops (ISSREW), pp. 112\u2013119. IEEE Computer Society, Los Alamitos (2023). https:\/\/doi.org\/10.1109\/ISSREW60843.2023.00058","DOI":"10.1109\/ISSREW60843.2023.00058"},{"key":"3_CR23","doi-asserted-by":"crossref","unstructured":"Razuvayevskaya, O., et al.: Comparison between parameter-efficient techniques and full fine-tuning: a case study on multilingual news article classification. PLOS ONE 19 (2023). https:\/\/api.semanticscholar.org\/CorpusID:260886825","DOI":"10.1371\/journal.pone.0301738"},{"key":"3_CR24","doi-asserted-by":"publisher","unstructured":"Russell, R.L., et al.: Automated vulnerability detection in source code using deep representation learning (2018). https:\/\/doi.org\/10.48550\/ARXIV.1807.04320","DOI":"10.48550\/ARXIV.1807.04320"},{"key":"3_CR25","doi-asserted-by":"publisher","unstructured":"Shafiq, S., Mashkoor, A., Mayr-Dorn, C., Egyed, A.: A literature review of using machine learning in software development life cycle stages. IEEE Access 9, 140896-140920 (2021). https:\/\/doi.org\/10.1109\/access.2021.3119746","DOI":"10.1109\/access.2021.3119746"},{"key":"3_CR26","doi-asserted-by":"publisher","unstructured":"Shen, Z., Chen, S.: A survey of automatic software vulnerability detection, program repair, and defect prediction techniques. Secur. Commun. Netw. 2020, 1\u201316 (2020). https:\/\/doi.org\/10.1155\/2020\/8858010","DOI":"10.1155\/2020\/8858010"},{"key":"3_CR27","unstructured":"Song, W., et al.: Hierarchical context merging: better long context understanding for pre-trained LLMs (2024). https:\/\/arxiv.org\/abs\/2404.10308"},{"key":"3_CR28","doi-asserted-by":"publisher","unstructured":"Steenhoek, B., Rahman, M.M., Roy, M.K., Alam, M.S., Barr, E.T., Le, W.: A comprehensive study of the capabilities of large language models for vulnerability detection (2024). https:\/\/doi.org\/10.48550\/ARXIV.2403.17218","DOI":"10.48550\/ARXIV.2403.17218"},{"key":"3_CR29","doi-asserted-by":"publisher","unstructured":"Sun, H., Cui, L., Li, L., Ding, Z., Li, S., Hao, Z., Zhu, H.: VDTriplet: vulnerability detection with graph semantics using triplet model. Comput. Secur. 139, 103732 (2024). https:\/\/doi.org\/10.1016\/j.cose.2024.103732, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404824000336","DOI":"10.1016\/j.cose.2024.103732"},{"key":"3_CR30","doi-asserted-by":"publisher","unstructured":"Tang, G., Yang, L., Zhang, L., Kuang, H., Wang, H.: MRC-VulLoc: software source code vulnerability localization based on multi-choice reading comprehension. Comput. Secur. 141, 103816 (2024). https:\/\/doi.org\/10.1016\/j.cose.2024.103816, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404824001172","DOI":"10.1016\/j.cose.2024.103816"},{"key":"3_CR31","doi-asserted-by":"publisher","unstructured":"T\u00f3th, R., Bisztray, T., Erdodi, L.: LLMs in web-development: evaluating LLM-generated PHP code unveiling vulnerabilities and limitations (2024). https:\/\/doi.org\/10.48550\/ARXIV.2404.14459","DOI":"10.48550\/ARXIV.2404.14459"},{"key":"3_CR32","doi-asserted-by":"publisher","unstructured":"Wang, J., Huang, M., Nie, Y., Li, J.: Static analysis of source code vulnerability using machine learning techniques: a survey. In: 2021 4th International Conference on Artificial Intelligence and Big Data (ICAIBD), pp. 76\u201386 (2021). https:\/\/doi.org\/10.1109\/ICAIBD51990.2021.9459075","DOI":"10.1109\/ICAIBD51990.2021.9459075"},{"key":"3_CR33","doi-asserted-by":"publisher","unstructured":"Yang, Z., Shi, J., He, J., Lo, D.: Natural attack for pre-trained models of code. In: Proceedings of the 44th International Conference on Software Engineering, pp. 1482\u20131493. ICSE \u201922. Association for Computing Machinery, New York (2022). https:\/\/doi.org\/10.1145\/3510003.3510146","DOI":"10.1145\/3510003.3510146"},{"key":"3_CR34","doi-asserted-by":"crossref","unstructured":"Zhang, C., Liu, H., Zeng, J., Yang, K., Li, Y., Li, H.: Prompt-enhanced software vulnerability detection using ChatGPT (2024)","DOI":"10.1145\/3639478.3643065"},{"key":"3_CR35","unstructured":"Zhang, Y., Li, J., Liu, P.: Extending LLMs\u2019 context window with 100 samples (2024). https:\/\/arxiv.org\/abs\/2401.07004"},{"key":"3_CR36","doi-asserted-by":"publisher","unstructured":"Zhou, Y., Liu, S., Siow, J., Du, X., Liu, Y.: Devign: effective vulnerability identification by learning comprehensive program semantics via graph neural networks (2019). https:\/\/doi.org\/10.48550\/ARXIV.1909.03496","DOI":"10.48550\/ARXIV.1909.03496"},{"key":"3_CR37","doi-asserted-by":"publisher","unstructured":"Zhu, Y., Lin, G., Song, L., Zhang, J.: The application of neural network for software vulnerability detection: a review. Neural Comput. Appl. 35(2), 1279\u20131301 (2022). https:\/\/doi.org\/10.1007\/s00521-022-08046-y","DOI":"10.1007\/s00521-022-08046-y"},{"issue":"5","key":"3_CR38","doi-asserted-by":"publisher","first-page":"2224","DOI":"10.1109\/TDSC.2019.2942930","volume":"18","author":"D Zou","year":"2021","unstructured":"Zou, D., Wang, S., Xu, S., Li, Z., Jin, H.: $$\\mu $$vuldeepecker: a deep learning-based system for multiclass vulnerability detection. IEEE Trans. Dependable Secure Comput. 18(5), 2224\u20132236 (2021). https:\/\/doi.org\/10.1109\/TDSC.2019.2942930","journal-title":"IEEE Trans. Dependable Secure Comput."}],"container-title":["Communications in Computer and Information Science","Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-94855-8_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T12:13:50Z","timestamp":1765196030000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-94855-8_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031948541","9783031948558"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-94855-8_3","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"14 June 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare that are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"EICC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Interdisciplinary Cybersecurity Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Rennes","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 June 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 June 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eicc2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.fvv.um.si\/eicc2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}