{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T17:49:08Z","timestamp":1782928148220,"version":"3.54.5"},"reference-count":47,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,10,1]],"date-time":"2026-10-01T00:00:00Z","timestamp":1790812800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,10,1]],"date-time":"2026-10-01T00:00:00Z","timestamp":1790812800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Information and Software Technology"],"published-print":{"date-parts":[[2026,10]]},"DOI":"10.1016\/j.infsof.2026.108213","type":"journal-article","created":{"date-parts":[[2026,6,6]],"date-time":"2026-06-06T04:32:59Z","timestamp":1780720379000},"page":"108213","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Leveraging Large Language Models for advanced static code analysis: Assessing the feasibility of AI superseding traditional vulnerability detection methods"],"prefix":"10.1016","volume":"198","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-1969-5242","authenticated-orcid":false,"given":"Damian","family":"Koterba","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-4834-8889","authenticated-orcid":false,"given":"Maryna","family":"\u0141ukaczyk","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8743-8758","authenticated-orcid":false,"given":"Wojciech","family":"Ksi\u0105\u017cek","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"key":"10.1016\/j.infsof.2026.108213_b1","series-title":"Summary of ChatGPT-related research and perspective towards the future","author":"Zhang","year":"2023"},{"key":"10.1016\/j.infsof.2026.108213_b2","series-title":"Video understanding","author":"Google","year":"2025"},{"key":"10.1016\/j.infsof.2026.108213_b3","series-title":"Gpt-4o","author":"OpenAI","year":"2024"},{"key":"10.1016\/j.infsof.2026.108213_b4","series-title":"Language models are few-shot learners","author":"Brown","year":"2020"},{"key":"10.1016\/j.infsof.2026.108213_b5","series-title":"A logical calculus of the ideas immanent in nervous activity","author":"McCulloch","year":"1943"},{"key":"10.1016\/j.infsof.2026.108213_b6","series-title":"Some studies in machine learning using the game of checkers","author":"Samuel","year":"1959"},{"key":"10.1016\/j.infsof.2026.108213_b7","series-title":"The perceptron: a probabilistic model for information storage and organization in the brain","author":"Rosenblatt","year":"1958"},{"key":"10.1016\/j.infsof.2026.108213_b8","doi-asserted-by":"crossref","DOI":"10.1038\/323533a0","article-title":"Learning representations by back-propagating errors","author":"Rumelhart","year":"1986","journal-title":"Nature"},{"key":"10.1016\/j.infsof.2026.108213_b9","series-title":"Attention is all you need","author":"Vaswani","year":"2017"},{"key":"10.1016\/j.infsof.2026.108213_b10","series-title":"Security controls for computer systems: Report of defense science board task force on computer security","author":"Ware","year":"1970"},{"key":"10.1016\/j.infsof.2026.108213_b11","first-page":"99","article-title":"Computer Fraud and Abuse Act of 1986","author":"U.S. Congress","year":"1986","journal-title":"Public Law"},{"key":"10.1016\/j.infsof.2026.108213_b12","series-title":"Morris Worm, fbi history \u2013 famous cases","author":"Federal Bureau of Investigation","year":"1988"},{"key":"10.1016\/j.infsof.2026.108213_b13","doi-asserted-by":"crossref","DOI":"10.1186\/s42400-025-00361-w","article-title":"When LLMs meet Cybersecurity: A systematic literature review","author":"Zhang","year":"2025","journal-title":"Cybersecurity"},{"key":"10.1016\/j.infsof.2026.108213_b14","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.104016","article-title":"A survey of large language models for cyber threat detection","author":"Chen","year":"2024","journal-title":"Computers & Security"},{"key":"10.1016\/j.infsof.2026.108213_b15","series-title":"Towards ai-driven human\u2013machine co-teaming for adaptive and agile cyber security operation centers","author":"Albanese","year":"2025"},{"key":"10.1016\/j.infsof.2026.108213_b16","series-title":"Proceedings of the 33rd USENIX Security Symposium (USENIX Security 24), USENIX Association","first-page":"847","article-title":"PentestGPT: Evaluating and harnessing large language models for automated penetration testing","author":"Deng","year":"2024"},{"key":"10.1016\/j.infsof.2026.108213_b17","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.103999","article-title":"Llm-tikg: threat intelligence knowledge graph construction utilizing large language model","volume":"145","author":"Hu","year":"2024","journal-title":"Comput. Secur."},{"key":"10.1016\/j.infsof.2026.108213_b18","doi-asserted-by":"crossref","first-page":"29698","DOI":"10.1109\/ACCESS.2025.3541146","article-title":"Harnessing large language models for software vulnerability detection: a comprehensive benchmarking study","volume":"13","author":"Tamberg","year":"2025","journal-title":"IEEE Access"},{"key":"10.1016\/j.infsof.2026.108213_b19","series-title":"2024 12th International Symposium on Digital Forensics and Security","first-page":"1","article-title":"Llm-driven sat impact on phishing defense: a cross-sectional analysis","author":"\u0130\u015e","year":"2024"},{"key":"10.1016\/j.infsof.2026.108213_b20","series-title":"Large language model (llm) for software security: code analysis, malware analysis, reverse engineering","author":"Jelodar","year":"2025"},{"key":"10.1016\/j.infsof.2026.108213_b21","series-title":"Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","first-page":"1875","article-title":"A llm-based agent for the automatic generation and generalization of ids rules","author":"Hu","year":"2024"},{"key":"10.1016\/j.infsof.2026.108213_b22","series-title":"Controlnet: a firewall for rag-based llm system","author":"Yao","year":"2025"},{"key":"10.1016\/j.infsof.2026.108213_b23","series-title":"Question\u2013answer methodology for vulnerable source code review via prototype-based model-agnostic meta-learning","author":"Corona-Fraga","year":"2025"},{"key":"10.1016\/j.infsof.2026.108213_b24","series-title":"OWASP Benchmark Project","author":"OWASP Foundation","year":"2025"},{"key":"10.1016\/j.infsof.2026.108213_b25","series-title":"Proceedings of the Thirteenth International Conference on Learning Representations (ICLR 2025)","article-title":"Iris: llm-assisted static analysis for detecting security vulnerabilities","author":"Li","year":"2025"},{"key":"10.1016\/j.infsof.2026.108213_b26","series-title":"Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2023)","first-page":"921","article-title":"Comparison and evaluation on static application security testing (sast) tools for java","author":"Li","year":"2023"},{"key":"10.1016\/j.infsof.2026.108213_b27","article-title":"An empirical study of multi-language security patches in open source software","volume":"Vol. 15748","author":"Sun","year":"2025"},{"key":"10.1016\/j.infsof.2026.108213_b28","doi-asserted-by":"crossref","DOI":"10.3390\/electronics13132657","article-title":"Enhancing software code vulnerability detection using gpt-4o and claude-3.5 sonnet: a study on prompt engineering techniques","author":"Bae","year":"2024","journal-title":"Electronics"},{"key":"10.1016\/j.infsof.2026.108213_b29","series-title":"DeepSeek-R1: Incentivizing reasoning capability in LLMs via reinforcement learning","author":"DeepSeek-AI","year":"2025"},{"key":"10.1016\/j.infsof.2026.108213_b30","article-title":"Chatbot arena: free ai chat to compare & test","author":"LMArena","year":"2025","journal-title":"JMLR. org"},{"key":"10.1016\/j.infsof.2026.108213_b31","series-title":"Proceedings of the 30th USENIX Security Symposium, USENIX Association","article-title":"Extracting training data from large language models","author":"Carlini","year":"2021"},{"key":"10.1016\/j.infsof.2026.108213_b32","series-title":"Sonarqube documentation","author":"SonarSource","year":"2025"},{"key":"10.1016\/j.infsof.2026.108213_b33","series-title":"Semgrep: static analysis for modern codebases","author":"Semgrep","year":"2025"},{"issue":"1","key":"10.1016\/j.infsof.2026.108213_b34","first-page":"79","volume":"12","author":"Al-Dhaqm","year":"2024","journal-title":"Int. J. Eng. Inf. Technol. (IJEIT)"},{"key":"10.1016\/j.infsof.2026.108213_b35","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1007\/s10664-022-10253-z","article-title":"An empirical assessment of machine learning approaches for triaging reports of static analysis tools","volume":"28","author":"Yerramreddy","year":"2023","journal-title":"Empir. Softw. Eng."},{"key":"10.1016\/j.infsof.2026.108213_b36","series-title":"How do language models learn facts? dynamics, curricula and hallucinations","author":"Zucchet","year":"2025"},{"key":"10.1016\/j.infsof.2026.108213_b37","doi-asserted-by":"crossref","DOI":"10.3390\/electronics13234718","article-title":"Using generative AI models to support Cybersecurity analysts","author":"Balogh","year":"2024","journal-title":"Electronics"},{"key":"10.1016\/j.infsof.2026.108213_b38","article-title":"May the source be with you: on chatgpt, cybersecurity, and secure coding","author":"Gasiba","year":"2024","journal-title":"Information"},{"key":"10.1016\/j.infsof.2026.108213_b39","article-title":"Comparison of static application security testing tools and large language models for repo-level vulnerability detection","author":"Zhou","year":"2024","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"10.1016\/j.infsof.2026.108213_b40","series-title":"Tokenizer","author":"OpenAI","year":"2025"},{"key":"10.1016\/j.infsof.2026.108213_b41","series-title":"Gemini API documentation","author":"Google AI","year":"2025"},{"key":"10.1016\/j.infsof.2026.108213_b42","series-title":"What\u2019s new in python 3.13","author":"Python Software Foundation","year":"2024"},{"key":"10.1016\/j.infsof.2026.108213_b43","series-title":"A unified interface for llms","author":"OpenRouter","year":"2025"},{"key":"10.1016\/j.infsof.2026.108213_b44","doi-asserted-by":"crossref","DOI":"10.1063\/5.0182877","article-title":"An empirical study of the popularity of three programming languages on stack overflow: Trends, solutions, and users","volume":"2926","author":"Perdana","year":"2024","journal-title":"AIP Conf. Proc."},{"issue":"1","key":"10.1016\/j.infsof.2026.108213_b45","doi-asserted-by":"crossref","DOI":"10.1186\/s40537-023-00823-3","article-title":"Cochran\u2019s q test for analyzing categorical data under uncertainty","volume":"10","author":"Aslam","year":"2023","journal-title":"J. Big Data"},{"key":"10.1016\/j.infsof.2026.108213_b46","series-title":"Desctools: tools for descriptive statistics","author":"Signorell","year":"2025"},{"key":"10.1016\/j.infsof.2026.108213_b47","doi-asserted-by":"crossref","first-page":"104151","DOI":"10.1016\/j.cose.2024.104151","article-title":"Secureqwen: leveraging llms for vulnerability detection in python codebases","volume":"148","author":"Mechri","year":"2025","journal-title":"Comput. Secur."}],"container-title":["Information and Software Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0950584926002028?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0950584926002028?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T17:15:16Z","timestamp":1782926116000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0950584926002028"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,10]]},"references-count":47,"alternative-id":["S0950584926002028"],"URL":"https:\/\/doi.org\/10.1016\/j.infsof.2026.108213","relation":{},"ISSN":["0950-5849"],"issn-type":[{"value":"0950-5849","type":"print"}],"subject":[],"published":{"date-parts":[[2026,10]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Leveraging Large Language Models for advanced static code analysis: Assessing the feasibility of AI superseding traditional vulnerability detection methods","name":"articletitle","label":"Article Title"},{"value":"Information and Software Technology","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.infsof.2026.108213","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 The Author(s). Published by Elsevier B.V.","name":"copyright","label":"Copyright"}],"article-number":"108213"}}