{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T08:02:59Z","timestamp":1780300979516,"version":"3.54.0"},"reference-count":35,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"funder":[{"DOI":"10.13039\/501100003399","name":"Shanghai Municipality Science and Technology Commission","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100003399","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002858","name":"China Postdoctoral Science Foundation","doi-asserted-by":"publisher","award":["2024M761927"],"award-info":[{"award-number":["2024M761927"]}],"id":[{"id":"10.13039\/501100002858","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100015796","name":"Shanghai Lingjun Program","doi-asserted-by":"publisher","award":["24YF2719900"],"award-info":[{"award-number":["24YF2719900"]}],"id":[{"id":"10.13039\/100015796","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Science of Computer Programming"],"published-print":{"date-parts":[[2026,8]]},"DOI":"10.1016\/j.scico.2026.103491","type":"journal-article","created":{"date-parts":[[2026,4,19]],"date-time":"2026-04-19T14:50:41Z","timestamp":1776610241000},"page":"103491","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Software vulnerability detection via multimodal retrieval and hierarchical decision making"],"prefix":"10.1016","volume":"253","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-4979-060X","authenticated-orcid":false,"given":"Zhoufu","family":"Liu","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Junhua","family":"Chen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8911-9889","authenticated-orcid":false,"given":"Zijie","family":"Huang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"issue":"2","key":"10.1016\/j.scico.2026.103491_bib0001","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1109\/MSECP.2004.1281254","article-title":"Software security","volume":"2","author":"McGraw","year":"2004","journal-title":"IEEE Secur. Priv."},{"issue":"1","key":"10.1016\/j.scico.2026.103491_bib0002","first-page":"19","article-title":"A survey of open source software vulnerability perception technology","volume":"35","author":"Zhan","year":"2023","journal-title":"J. Softw."},{"key":"10.1016\/j.scico.2026.103491_bib0003","series-title":"Proceedings of the 2010 IEEE International Conference on Information Theory and Information Security","first-page":"521","article-title":"A comparative study on software vulnerability static analysis techniques and tools","author":"Li","year":"2010"},{"issue":"5","key":"10.1016\/j.scico.2026.103491_bib0004","first-page":"1177","article-title":"Preface to the special issue on software security vulnerability detection","volume":"29","author":"Wang","year":"2018","journal-title":"J. Softw."},{"key":"10.1016\/j.scico.2026.103491_bib0005","doi-asserted-by":"crossref","unstructured":"Z. Li, D. Zou, S. Xu, et al., VulDeePecker: a deep learning-based system for vulnerability detection, 2018. arXiv preprint arXiv: 1801.01681.","DOI":"10.14722\/ndss.2018.23158"},{"issue":"10","key":"10.1016\/j.scico.2026.103491_bib0006","doi-asserted-by":"crossref","first-page":"1825","DOI":"10.1109\/JPROC.2020.2993293","article-title":"Software vulnerability detection using deep neural networks: a survey","volume":"108","author":"Lin","year":"2020","journal-title":"Proc. IEEE"},{"issue":"13","key":"10.1016\/j.scico.2026.103491_bib0007","first-page":"41","article-title":"Survey of vulnerability detection based on graph deep learning","volume":"41","author":"Dong","year":"2023","journal-title":"Sci. Technol. Rev."},{"key":"10.1016\/j.scico.2026.103491_bib0008","series-title":"Proceedings of the 2024 ACM\/IEEE 44th International Conference on Software Engineering: New Ideas and Emerging Results","first-page":"47","article-title":"Large language model for vulnerability detection: emerging results and future directions","author":"Zhou","year":"2024"},{"key":"10.1016\/j.scico.2026.103491_bib0009","series-title":"Proceedings of the 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE)","first-page":"1482","article-title":"Automated program repair in the era of large pre-trained language models","author":"Xia","year":"2023"},{"issue":"09","key":"10.1016\/j.scico.2026.103491_bib0010","doi-asserted-by":"crossref","first-page":"3280","DOI":"10.1109\/TSE.2021.3087402","article-title":"Deep learning based vulnerability detection: are we there yet?","volume":"48","author":"Chakraborty","year":"2022","journal-title":"IEEE Trans. Software Eng."},{"key":"10.1016\/j.scico.2026.103491_bib0011","unstructured":"S. Shimmi, H. Okhravi, M. Rahimi, AI-Based software vulnerability detection: a systematic literature review, 2025. arXiv preprint arXiv: 2506.10280."},{"key":"10.1016\/j.scico.2026.103491_bib0012","series-title":"Proceedings of the 44th International Conference on Software Engineering","first-page":"2365","article-title":"Vulcnn: an image-inspired scalable vulnerability detection system","author":"Wu","year":"2022"},{"issue":"7","key":"10.1016\/j.scico.2026.103491_bib0013","doi-asserted-by":"crossref","first-page":"3289","DOI":"10.1109\/TII.2018.2821768","article-title":"Cross-project transfer representation learning for vulnerable function discovery","volume":"14","author":"Lin","year":"2018","journal-title":"IEEE Trans. Ind. Inf."},{"issue":"5","key":"10.1016\/j.scico.2026.103491_bib0014","article-title":"A method for discovering unknown vulnerabilities using patches","volume":"29","author":"Li","year":"2018","journal-title":"J. Softw."},{"key":"10.1016\/j.scico.2026.103491_bib0015","unstructured":"M. Allamanis, M. Brockschmidt, M. Khademi, Learning to represent programs with graphs, 2017. arXiv preprint arXiv: 1711.00740."},{"key":"10.1016\/j.scico.2026.103491_bib0016","first-page":"10197","article-title":"Devign: effective vulnerability identification by learning comprehensive program semantics via graph neural networks","volume":"32","author":"Zhou","year":"2019","journal-title":"Adv. Neural Inf. Process. Syst."},{"issue":"3","key":"10.1016\/j.scico.2026.103491_bib0017","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3436877","article-title":"Deepwukong: statically detecting software vulnerabilities using deep graph neural network","volume":"30","author":"Cheng","year":"2021","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"10.1016\/j.scico.2026.103491_bib0018","doi-asserted-by":"crossref","DOI":"10.1016\/j.infsof.2021.106576","article-title":"Bgnn4vd: constructing bidirectional graph neural-network for vulnerability detection","volume":"136","author":"Cao","year":"2021","journal-title":"Inf. Softw. Technol."},{"key":"10.1016\/j.scico.2026.103491_bib0019","series-title":"Proceedings of the 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE)","first-page":"2275","article-title":"Vulnerability detection with graph simplification and enhanced graph representation learning","author":"Wen","year":"2023"},{"key":"10.1016\/j.scico.2026.103491_bib0020","series-title":"Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis","first-page":"519","article-title":"Path-sensitive code embedding via contrastive learning for software vulnerability detection","author":"Cheng","year":"2022"},{"issue":"9","key":"10.1016\/j.scico.2026.103491_bib0021","first-page":"2152","article-title":"Vulnerability detection method based on comparative learning","volume":"60","author":"Chen","year":"2023","journal-title":"J. Comput. Res. Develop."},{"key":"10.1016\/j.scico.2026.103491_bib0022","doi-asserted-by":"crossref","DOI":"10.1016\/j.jss.2024.112031","article-title":"GRACE: Empowering LLM-based software vulnerability detection with graph structure and in-context learning","volume":"212","author":"Lu","year":"2024","journal-title":"J. Syst. Softw."},{"key":"10.1016\/j.scico.2026.103491_bib0023","series-title":"Proceedings of the 2010 17th Working Conference on Reverse Engineering","first-page":"35","article-title":"On the use of automated text summarization techniques for summarizing source code","author":"Haiduc","year":"2010"},{"key":"10.1016\/j.scico.2026.103491_bib0024","series-title":"Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing","first-page":"8696","article-title":"CodeT5: identifier-aware unified pre-trained encoder-decoder models for code understanding and generation","author":"Wang","year":"2021"},{"key":"10.1016\/j.scico.2026.103491_bib0025","series-title":"Proceedings of the 38th Annual Computer Security Applications Conference","first-page":"481","article-title":"Transformer-based language models for software vulnerability detection","author":"Thapa","year":"2022"},{"issue":"4","key":"10.1016\/j.scico.2026.103491_bib0026","doi-asserted-by":"crossref","first-page":"1373","DOI":"10.1162\/COLI.a.16","article-title":"Siren\u2019s song in the AI ocean: a survey on hallucination in large language models","volume":"51","author":"Zhang","year":"2025","journal-title":"Comput. Linguist."},{"key":"10.1016\/j.scico.2026.103491_bib0027","series-title":"Proceedings of the 2022 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies","first-page":"2655","article-title":"Learning to retrieve prompts for in-context learning","author":"Rubin","year":"2022"},{"key":"10.1016\/j.scico.2026.103491_bib0028","series-title":"Proceedings of the 2022 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies","first-page":"2791","article-title":"MetaICL: learning to learn in context","author":"Min","year":"2022"},{"key":"10.1016\/j.scico.2026.103491_bib0029","series-title":"Proceedings of the 2022 Conference on Empirical Methods in Natural Language Processing","first-page":"11048","article-title":"Rethinking the role of demonstrations: what makes in-context learning work?","author":"Min","year":"2022"},{"key":"10.1016\/j.scico.2026.103491_bib0030","series-title":"Proceedings of the 60th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers)","first-page":"8410","article-title":"PPT: pre-trained prompt tuning for few-shot learning","author":"Gu","year":"2022"},{"key":"10.1016\/j.scico.2026.103491_bib0031","series-title":"Proceedings of the 46th IEEE\/ACM International Conference on Software Engineering","first-page":"1","article-title":"Large language models are few-shot summarizers: multi-intent comment generation via in-context learning","author":"Geng","year":"2024"},{"key":"10.1016\/j.scico.2026.103491_bib0032","series-title":"2014 IEEE Symposium on Security and Privacy","first-page":"590","article-title":"Modeling and discovering vulnerabilities with code property graphs","author":"Yamaguchi","year":"2014"},{"key":"10.1016\/j.scico.2026.103491_bib0033","series-title":"Proceedings of the 17th International Conference on Mining Software Repositories","first-page":"508","article-title":"A c\/c++ code vulnerability dataset with code changes and CVE summaries","author":"Fan","year":"2020"},{"key":"10.1016\/j.scico.2026.103491_bib0034","series-title":"Proceedings of the 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE)","first-page":"121","article-title":"Data quality for software vulnerability datasets","author":"Croft","year":"2023"},{"key":"10.1016\/j.scico.2026.103491_bib0035","series-title":"Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering","first-page":"292","article-title":"Vulnerability detection with fine-grained interpretations","author":"Li","year":"2021"}],"container-title":["Science of Computer Programming"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167642326000572?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167642326000572?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T07:26:48Z","timestamp":1780298808000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167642326000572"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,8]]},"references-count":35,"alternative-id":["S0167642326000572"],"URL":"https:\/\/doi.org\/10.1016\/j.scico.2026.103491","relation":{},"ISSN":["0167-6423"],"issn-type":[{"value":"0167-6423","type":"print"}],"subject":[],"published":{"date-parts":[[2026,8]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Software vulnerability detection via multimodal retrieval and hierarchical decision making","name":"articletitle","label":"Article Title"},{"value":"Science of Computer Programming","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.scico.2026.103491","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier B.V. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"103491"}}