{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,7]],"date-time":"2026-07-07T07:17:31Z","timestamp":1783408651714,"version":"3.54.6"},"publisher-location":"New York, NY, USA","reference-count":32,"publisher":"ACM","license":[{"start":{"date-parts":[[2026,4,12]],"date-time":"2026-04-12T00:00:00Z","timestamp":1775952000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/501100001858","name":"Vinnova","doi-asserted-by":"publisher","award":["2021-04212"],"award-info":[{"award-number":["2021-04212"]}],"id":[{"id":"10.13039\/501100001858","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,4,12]]},"DOI":"10.1145\/3786181.3788722","type":"proceedings-article","created":{"date-parts":[[2026,7,7]],"date-time":"2026-07-07T06:28:24Z","timestamp":1783405704000},"page":"184-191","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["RAG Against the Machine: Zero-Shot Software Vulnerabilities Classification using LLMs"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-2019-2672","authenticated-orcid":false,"given":"Edvin","family":"Nordqvist","sequence":"first","affiliation":[{"name":"KTH Royal Institute of Technology, Stockholm, Sweden"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-4604-1180","authenticated-orcid":false,"given":"Changjie","family":"Wang","sequence":"additional","affiliation":[{"name":"KTH Royal Institute of Technology, Stockholm, Sweden"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0722-2656","authenticated-orcid":false,"given":"Simone","family":"Ferlin","sequence":"additional","affiliation":[{"name":"Red Hat, Raleigh, North Carolina, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9780-873X","authenticated-orcid":false,"given":"Mariano","family":"Scazzariello","sequence":"additional","affiliation":[{"name":"RISE Research Institutes of Sweden, Stockholm, Sweden"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9675-9729","authenticated-orcid":false,"given":"Marco","family":"Chiesa","sequence":"additional","affiliation":[{"name":"KTH Royal Institute of Technology, Stockholm, Sweden"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2026,7,6]]},"reference":[{"key":"e_1_3_3_1_2_2","volume-title":"CVE: Common Vulnerabilities and Exposures","unstructured":"[n. d.]. CVE: Common Vulnerabilities and Exposures. https:\/\/www.cve.org\/About\/Overview"},{"key":"e_1_3_3_1_3_2","volume-title":"CVE: Common Vulnerabilities and Exposures","unstructured":"[n. d.]. CVE: Common Vulnerabilities and Exposures. https:\/\/www.cve.org\/About\/History"},{"key":"e_1_3_3_1_4_2","volume-title":"CWE - CVE \u2192 CWE Mapping \"Root Cause Mapping\" Guidance","unstructured":"[n. d.]. CWE - CVE \u2192 CWE Mapping \"Root Cause Mapping\" Guidance. https:\/\/cwe.mitre.org\/documents\/cwe_usage\/guidance.html"},{"key":"e_1_3_3_1_5_2","volume-title":"CWE - CWE Glossary","unstructured":"[n. d.]. CWE - CWE Glossary. https:\/\/cwe.mitre.org\/documents\/glossary\/index.html#Weakness"},{"key":"e_1_3_3_1_6_2","volume-title":"NVD - CNAs and CVE Counting","unstructured":"[n. d.]. NVD - CNAs and CVE Counting. https:\/\/nvd.nist.gov\/general\/cna-counting"},{"key":"e_1_3_3_1_7_2","volume-title":"NVD - How We Assess Acceptance Levels","unstructured":"[n. d.]. NVD - How We Assess Acceptance Levels. https:\/\/nvd.nist.gov\/vuln\/cvmap\/How-We-Assess-Acceptance-Levels"},{"key":"e_1_3_3_1_8_2","volume-title":"NVD - Understanding Acceptance Levels","unstructured":"[n. d.]. NVD - Understanding Acceptance Levels. https:\/\/nvd.nist.gov\/vuln\/cvmap\/Understanding-Acceptance-Levels"},{"key":"e_1_3_3_1_9_2","volume-title":"What Is a Zero-Day Exploit? | IBM","year":"2023","unstructured":"2023. What Is a Zero-Day Exploit? | IBM. https:\/\/www.ibm.com\/think\/topics\/zero-day"},{"key":"e_1_3_3_1_10_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-63086-7_2"},{"key":"e_1_3_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/WIECON-ECE60392.2023.10456393"},{"key":"e_1_3_3_1_12_2","doi-asserted-by":"publisher","DOI":"10.5220\/0012770400003767"},{"key":"e_1_3_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC50000.2020.9219568"},{"key":"e_1_3_3_1_14_2","unstructured":"Beijing Academy of Artificial Intelligence (BAAI). 2023. BAAI\/bge-large-en-v1.5: an English sentence\u2010embedding model. https:\/\/huggingface.co\/BAAI\/bge-large-en-v1.5."},{"key":"e_1_3_3_1_15_2","unstructured":"Casey Charrier James Sadowski Clement Lecigne and Vlad Stolyarov. 2025. Hello 0-Days My Old Friend: A 2024 Zero-Day Exploitation Analysis. https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/2024-zero-day-trends"},{"key":"e_1_3_3_1_16_2","doi-asserted-by":"publisher","DOI":"10.1109\/LLM4Code66737.2025.00010"},{"key":"e_1_3_3_1_17_2","doi-asserted-by":"publisher","unstructured":"Fabio Crestani Mounia Lalmas Cornelis\u00a0J. Van\u00a0Rijsbergen and Iain Campbell. 1998. \u201cIs this document relevant?\u2026probably\u201d: a survey of probabilistic models in information retrieval. ACM Comput. Surv. 30 4 (Dec. 1998) 528\u2013552. 10.1145\/299917.299920","DOI":"10.1145\/299917.299920"},{"key":"e_1_3_3_1_18_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSAA53316.2021.9564227"},{"key":"e_1_3_3_1_19_2","unstructured":"Matthijs Douze Alexandr Guzhva Chengqi Deng Jeff Johnson Gergely Szilvasy Pierre-Emmanuel Mazar\u00e9 Maria Lomeli Lucas Hosseini and Herv\u00e9 J\u00e9gou. 2025. The Faiss library. arxiv:https:\/\/arXiv.org\/abs\/2401.08281\u00a0[cs.LG] https:\/\/arxiv.org\/abs\/2401.08281"},{"key":"e_1_3_3_1_20_2","unstructured":"Angela Fan Beliz Gokkaya Mark Harman Mitya Lyubarskiy Shubho Sengupta Shin Yoo and Jie\u00a0M. Zhang. 2023. Large Language Models for Software Engineering: Survey and Open Problems. arxiv:https:\/\/arXiv.org\/abs\/2310.03533\u00a0[cs.SE] https:\/\/arxiv.org\/abs\/2310.03533"},{"key":"e_1_3_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-70879-4_14"},{"key":"e_1_3_3_1_22_2","unstructured":"Quentin Herreros and Thomas Veasey. 2023. Improving Information Retrieval in the Elastic Stack: Hybrid Retrieval. https:\/\/www.elastic.co\/search-labs\/blog\/improving-information-retrieval-elastic-stack-hybrid. Accessed: 2025-11-01."},{"key":"e_1_3_3_1_23_2","doi-asserted-by":"publisher","unstructured":"Kethan Kota Manjunatha A and Sree\u00a0Vivek S. 2024. CWE Prediction Using CVE Description - The Semantic Similarity Approach. Procedia Computer Science 235 (2024) 1167\u20131178. 10.1016\/j.procs.2024.04.111","DOI":"10.1016\/j.procs.2024.04.111"},{"key":"e_1_3_3_1_24_2","first-page":"9459","volume-title":"Advances in Neural Information Processing Systems","author":"Lewis Patrick","year":"2020","unstructured":"Patrick Lewis, Ethan Perez, Aleksandra Piktus, Fabio Petroni, Vladimir Karpukhin, Naman Goyal, Heinrich K\u00fcttler, Mike Lewis, Wen-tau Yih, Tim Rockt\u00e4schel, Sebastian Riedel, and Douwe Kiela. 2020. Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks. In Advances in Neural Information Processing Systems (Vancouver, Canada, 2020), H.\u00a0Larochelle, M.\u00a0Ranzato, R.\u00a0Hadsell, M.F. Balcan, and H.\u00a0Lin (Eds.), Vol.\u00a033. Curran Associates, Inc., 9459\u20139474. https:\/\/proceedings.neurips.cc\/paper_files\/paper\/2020\/file\/6b493230205f780e1bc26945df7481e5-Paper.pdf"},{"key":"e_1_3_3_1_25_2","unstructured":"Siyi Liu Kishaloy Halder Zheng Qi Wei Xiao Nikolaos Pappas Phu\u00a0Mon Htut Neha\u00a0Anna John Yassine Benajiba and Dan Roth. 2025. Towards Long Context Hallucination Detection. arxiv:https:\/\/arXiv.org\/abs\/2504.19457\u00a0[cs.CL] https:\/\/arxiv.org\/abs\/2504.19457"},{"key":"e_1_3_3_1_26_2","doi-asserted-by":"publisher","unstructured":"Guilong Lu Xiaolin Ju Xiang Chen Wenlong Pei and Zhilong Cai. 2024. GRACE: Empowering LLM-based software vulnerability detection with graph structure and in-context learning. Journal of Systems and Software 212 (2024) 112031. 10.1016\/j.jss.2024.112031","DOI":"10.1016\/j.jss.2024.112031"},{"key":"e_1_3_3_1_27_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-49106-6_65"},{"key":"e_1_3_3_1_28_2","doi-asserted-by":"publisher","unstructured":"Mengyuan Pan Po Wu Yiwei Zou Chong Ruan and Tao Zhang. 2023. An Automatic Vulnerability Classification Framework Based on BiGRU-TextCNN. Procedia Computer Science 222 (2023) 377\u2013386. 10.1016\/j.procs.2023.08.176","DOI":"10.1016\/j.procs.2023.08.176"},{"key":"e_1_3_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2401.18059"},{"key":"e_1_3_3_1_30_2","unstructured":"Clemens Sauerwein Christian Sillaber and Ruth Breu. 2018. Shadow Cyber Threat Intelligence and Its Use in Information Security and Risk Management Processes."},{"key":"e_1_3_3_1_31_2","doi-asserted-by":"publisher","unstructured":"Haifeng Wang Jiwei Li Hua Wu Eduard Hovy and Yu Sun. 2023. Pre-Trained Language Models and Their Applications. Engineering 25 (2023) 51\u201365. 10.1016\/j.eng.2022.04.024","DOI":"10.1016\/j.eng.2022.04.024"},{"key":"e_1_3_3_1_32_2","unstructured":"Jin Wang Zishan Huang Hengli Liu Nianyi Yang and Yinhao Xiao. 2023. DefectHunter: A Novel LLM-Driven Boosted-Conformer-based Code Vulnerability Detection Mechanism. arxiv:https:\/\/arXiv.org\/abs\/2309.15324\u00a0[cs.CR] https:\/\/arxiv.org\/abs\/2309.15324"},{"key":"e_1_3_3_1_33_2","doi-asserted-by":"publisher","DOI":"10.1109\/CSE53436.2021.00030"}],"event":{"name":"LLM4Code '26: 3rd International Workshop on Large Language Models For Code","location":"Rio de Janeiro Brazil","acronym":"LLM4Code '26","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS","Faculty of Engineering of University of Porto"]},"container-title":["Proceedings of the 3rd International Workshop on Large Language Models For Code"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3786181.3788722","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,7,7]],"date-time":"2026-07-07T06:36:29Z","timestamp":1783406189000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3786181.3788722"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,12]]},"references-count":32,"alternative-id":["10.1145\/3786181.3788722","10.1145\/3786181"],"URL":"https:\/\/doi.org\/10.1145\/3786181.3788722","relation":{},"subject":[],"published":{"date-parts":[[2026,4,12]]},"assertion":[{"value":"2026-07-06","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}