pith. sign in

arxiv: 2604.24822 · v1 · submitted 2026-04-27 · 💻 cs.SE · cs.LG

A systematic literature Review for Transformer-based Software Vulnerability detection

Fiza Naseer , Javed Ali Khan , Muhammad Yaqoob , Alexios Mylonas , Ishaya Gambo This is my paper

Pith reviewed 2026-05-08 02:53 UTC · model grok-4.3

classification 💻 cs.SE cs.LG
keywords transformer modelssoftware vulnerability detectionsystematic literature reviewdeep learning for codevulnerability analysisencoder decoder architecturessmart contract securitydata imbalance
0
0 comments X

The pith

A review of 80 studies maps how transformer models detect software vulnerabilities and highlights recurring technical gaps.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper conducts a systematic literature review of research from 2021 to 2025 that applies transformer architectures to identify vulnerabilities in code. It organizes the work by model type, data sources, programming languages, and evaluation practices while noting persistent difficulties such as unbalanced datasets and limited ability to explain predictions. A reader would care because software vulnerabilities affect critical systems in finance, health, and government, and transformers are currently the leading approach for automated detection. The review aims to give researchers a single reference point for choosing baselines and spotting open problems rather than leaving each new study to start from scratch.

Core claim

By following Kitchenham guidelines, the authors examined 80 studies and grouped transformer models into encoder-only, decoder-only, and combined encoder-decoder architectures. They catalogued the datasets and code types used, the most common pre-trained models and fine-tuning setups, the vulnerability categories targeted, and the metrics applied. The synthesis shows that most work relies on source code or smart-contract data, that encoder architectures dominate, and that four issues repeatedly surface: class imbalance in training data, lack of interpretability for the model's decisions, poor scaling to large codebases, and weak generalization when the model encounters a different programming

What carries the argument

The systematic classification of transformer architectures into encoder, decoder, and combined types, applied to source code, logs, and smart contracts, which structures the comparison of trends, benchmarks, and open challenges across the 80 studies.

If this is right

  • Future studies can adopt the most frequently used benchmarks and reference models identified in the review to enable direct comparison.
  • Researchers should prioritize techniques that mitigate data imbalance and improve cross-language generalization.
  • New work should incorporate interpretability methods so that vulnerability predictions can be explained to developers.
  • Scalability experiments on larger codebases are needed before deployment in production environments.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Security teams could use the consolidated list of common baselines to evaluate commercial tools more consistently.
  • The emphasis on smart-contract data suggests the review's findings may transfer most readily to blockchain security research.
  • A natural next step would be to test whether the identified challenges also appear in non-transformer deep-learning approaches to the same problem.
  • Standardized reporting of dataset statistics and metric choices across papers would make future reviews more reliable.

Load-bearing premise

The 80 chosen papers fully represent all relevant work on the topic and the authors' groupings of architectures, datasets, and challenges contain no selection or interpretation bias.

What would settle it

An independent search that locates substantially more or fewer than 80 qualifying studies between 2021 and 2025, or a re-analysis that places the same papers into different architecture or challenge categories with different frequency counts.

Figures

Figures reproduced from arXiv: 2604.24822 by Alexios Mylonas, Fiza Naseer, Ishaya Gambo, Javed Ali Khan, Muhammad Yaqoob.

Figure 1
Figure 1. Figure 1: SLR methodology stages following the Kitchenham guidelines [48] 3. Methodology 3.1. Studies Source In this article, we conduct a systematic literature review following Kitchenham’s guidelines [48] view at source ↗
Figure 2
Figure 2. Figure 2: Overall workflow of our systematic survey after reviewing their abstracts, which did not align with the objectives of the proposed study. We searched IEEE Xplore using the keywords "Soft￾ware vulnerability detection using transformers" because they yielded the most relevant results compared to the main search query. We found 87 papers in total. Of these, we selected 36 papers for the proposed SLR and exclu… view at source ↗
Figure 3
Figure 3. Figure 3: Number of Publications per Year illustrates the number of research articles published during the period of 2021 to 2025. It shows an increasing trend of transformer-based approaches for software vulnerability detection, with the highest number of papers published in 2025. It highlights the importance of a detailed SLR on transformer-based approaches to software vulnerability de￾tection by identifying the k… view at source ↗
Figure 4
Figure 4. Figure 4: Granularity Level view at source ↗
Figure 5
Figure 5. Figure 5: Popular Baselines view at source ↗
read the original abstract

Context: Software vulnerabilities pose significant security threats to software systems, especially as software is increasingly used across many areas of daily life, including health, government, and finance. Recently, transformer-based models have demonstrated promising results in automatic software vulnerability identification due to their robust contextual modelling and representation learning capabilities. Objectives: While numerous systematic literature reviews (SLRs) have examined machine learning and deep learning methods for identifying vulnerabilities, a more transformer-centric analysis remains to be explored. This SLR critically analysed 80 studies published between 2021 and 2025 that utilised transformer models to identify software vulnerabilities. Methods: Using Kitchenhams SLR guidelines, we methodically evaluate current research from various perspectives, encompassing study trends, datasets and sources, programming languages, transformer frameworks, detection detail levels, assessment metrics, reference models, types of vulnerabilities, and experimental configurations. Results: We classify transformer models into encoder, decoder, and combined architectures and analyse both pre-trained and fine-tuned versions utilized on source code, logs, and smart contracts. The results emphasise prevailing research trends, frequently utilised benchmarks, and main baselines. It also uncovers crucial technical issues like data imbalance, interpretability, scalability, and generalization across programming languages. Conclusion: By integrating current evidence and recognising unaddressed research areas, this SLR provides a consolidated resource for researchers and professionals seeking to develop more reliable, precise, and interpretable transformer-based vulnerability identification systems.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 2 minor

Summary. This paper presents a systematic literature review (SLR) of transformer-based models for software vulnerability detection. Following Kitchenham's guidelines, it analyzes 80 studies published 2021-2025 across dimensions including study trends, datasets, programming languages, transformer architectures (encoder/decoder/combined, pre-trained vs. fine-tuned), detection levels, metrics, baselines, vulnerability types, and experimental setups. It classifies models, highlights benchmarks, and identifies challenges such as data imbalance, interpretability, scalability, and cross-language generalization, concluding with research gaps.

Significance. If the underlying selection and classification process proves reproducible and unbiased, the review would offer a timely consolidation of recent transformer applications in vulnerability detection, useful for identifying prevalent benchmarks, baselines, and open technical issues. No machine-checked proofs or parameter-free derivations are present; the value rests entirely on the completeness and transparency of the literature synthesis.

major comments (1)
  1. [Methods] Methods section: The claim of following Kitchenham's SLR guidelines is not supported by the required reporting elements. No Boolean search strings, database list with execution dates, PRISMA flow diagram with exact counts at each stage, detailed inclusion/exclusion criteria, quality assessment protocol, or inter-rater reliability measures (e.g., Cohen's kappa) are provided. This directly undermines verification that the 80 studies form a complete, unbiased sample and that classifications of architectures, datasets, and challenges are free from selection or interpretation bias.
minor comments (2)
  1. [Abstract] Abstract: 'Kitchenhams SLR guidelines' should read 'Kitchenham's SLR guidelines'.
  2. [Abstract] Abstract: The range '2021 and 2025' includes a future year; clarify the actual search cutoff date.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the constructive feedback on our systematic literature review. We address the major comment regarding the methods section below and will revise the manuscript to improve transparency and reproducibility.

read point-by-point responses

  1. Referee: [Methods] Methods section: The claim of following Kitchenham's SLR guidelines is not supported by the required reporting elements. No Boolean search strings, database list with execution dates, PRISMA flow diagram with exact counts at each stage, detailed inclusion/exclusion criteria, quality assessment protocol, or inter-rater reliability measures (e.g., Cohen's kappa) are provided. This directly undermines verification that the 80 studies form a complete, unbiased sample and that classifications of architectures, datasets, and challenges are free from selection or interpretation bias.

    Authors: We acknowledge that the current version of the manuscript does not provide the full set of reporting elements required to substantiate adherence to Kitchenham's SLR guidelines. While the methods overview states that Kitchenham's guidelines were followed and describes the overall process at a high level, specific details such as Boolean search strings, database execution dates, a PRISMA flow diagram, explicit inclusion/exclusion criteria, quality assessment protocol, and inter-rater reliability measures (e.g., Cohen's kappa) are indeed absent. This limits independent verification of completeness and bias. In the revised manuscript, we will expand the Methods section with a dedicated subsection that includes: (1) the complete Boolean search strings for each database, (2) the list of databases with exact search execution dates, (3) a PRISMA flow diagram showing exact counts at each screening stage, (4) detailed inclusion and exclusion criteria, (5) the quality assessment protocol and scoring, and (6) inter-rater reliability statistics. These additions will directly support the claim of following the guidelines and allow readers to assess the sample and classifications. We maintain that the 80 studies were selected systematically, but agree that greater detail is essential for full transparency. revision: yes

Circularity Check

0 steps flagged

No circularity in this systematic literature review

full rationale

This paper is a systematic literature review that synthesizes findings from 80 existing studies on transformer-based vulnerability detection using Kitchenham guidelines. It contains no derivations, equations, predictions, fitted parameters, or first-principles results. The central claims consist of classifications of architectures, datasets, trends, and challenges drawn from the reviewed literature, with no steps that reduce by construction to the paper's own inputs or self-citations. The work is self-contained as an external synthesis and exhibits no load-bearing circular patterns.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The review rests on the assumption that Kitchenham's SLR methodology is suitable and that the selected papers adequately cover the transformer-based vulnerability detection literature.

axioms (1)
  • domain assumption Kitchenham's guidelines provide an appropriate and unbiased framework for reviewing software engineering literature on AI methods.
    Explicitly stated in the methods section of the abstract.

pith-pipeline@v0.9.0 · 5561 in / 1179 out tokens · 46538 ms · 2026-05-08T02:53:43.636212+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

114 extracted references · 114 canonical work pages · 1 internal anchor

  1. [1]

    Future Internet 14, 118

    Alaoui,R.L.,Nfaoui,E.H.,2022.Deeplearningforvulnerabilityand attackdetectiononwebapplications:Asystematicliteraturereview. Future Internet 14, 118

    work page 2022

  2. [2]

    Deep learning-based improved transformer modelonandroidmalwaredetectionandclassificationininternetof vehicles

    Almakayeel, N., 2024. Deep learning-based improved transformer modelonandroidmalwaredetectionandclassificationininternetof vehicles. Scientific Reports 14, 25175

    work page 2024

  3. [3]

    Low level source code vulnerability detection using advanced bert language model., in: Canadian AI

    Alqarni, M., Azim, A., 2022. Low level source code vulnerability detection using advanced bert language model., in: Canadian AI

    work page 2022

  4. [4]

    C3- vulmap: A dataset for privacy-aware vulnerability detection in healthcare systems

    Ameh, J.E., Otebolaku, A., Shenfield, A., Ikpehai, A., 2025. C3- vulmap: A dataset for privacy-aware vulnerability detection in healthcare systems. Electronics 14, 2703

    work page 2025

  5. [5]

    Db- cbil: A distilbert-based transformer hybrid model using cnn and bilstm for software vulnerability detection

    Bahaa, A., Kamal, A.E.R., Fahmy, H., Ghoneim, A.S., 2024. Db- cbil: A distilbert-based transformer hybrid model using cnn and bilstm for software vulnerability detection. IEEE Access

    work page 2024

  6. [6]

    A systematic literature review on softwarevulnerabilitypredictionmodels

    Bassi, D., Singh, H., 2023. A systematic literature review on softwarevulnerabilitypredictionmodels. IEEEAccess11,110289– 110311

    work page 2023

  7. [7]

    Bui, V.C., Do, X.C., 2023. Detecting software vulnerabilities based on source code analysis using gcn transformer, in: 2023 RIVF International Conference on Computing and Communication Technologies (RIVF), IEEE. pp. 112–117

    work page 2023

  8. [8]

    Multi-source cross-domain vulnerability detection based on code pre-trained model

    Cao, Y., Dong, Y., 2025. Multi-source cross-domain vulnerability detection based on code pre-trained model. Information and Soft- ware Technology , 107764

    work page 2025

  9. [9]

    Vulnerability detection based on transformer and high-quality number embedding

    Cao, Y., Dong, Y., Peng, J., 2024. Vulnerability detection based on transformer and high-quality number embedding. Concurrency and Computation: Practice and Experience 36, e8292

    work page 2024

  10. [10]

    Transformer-based vulnerability detection in code at EditTime: Zero-shot, few-shot, or fine-tuning?

    Chan,A.,Kharkar,A.,Moghaddam,R.Z.,Mohylevskyy,Y.,Helyar, A.,Kamal,E.,Elkamhawy,M.,Sundaresan,N.,2023. Transformer- based vulnerability detection in code at edittime: Zero-shot, few- shot, or fine-tuning? arXiv preprint arXiv:2306.01754 . Naseer et al.:Preprint submitted to ElsevierPage 24 of 27 SLR for transformer-based Software Vulnerability detection

    work page arXiv 2023

  11. [11]

    Hlt: A hierarchical vulnerability detection model based on transformer, in: 2022 4th International Conference on Data Intelligence and Security (ICDIS), IEEE

    Chen, Y., Liu, Z., 2022. Hlt: A hierarchical vulnerability detection model based on transformer, in: 2022 4th International Conference on Data Intelligence and Security (ICDIS), IEEE. pp. 50–54

    work page 2022

  12. [12]

    Machine learning methods for softwarevulnerabilitydetection,in:ProceedingsofthefourthACM internationalworkshoponsecurityandprivacyanalytics,pp.31–39

    Chernis, B., Verma, R., 2018. Machine learning methods for softwarevulnerabilitydetection,in:ProceedingsofthefourthACM internationalworkshoponsecurityandprivacyanalytics,pp.31–39

    work page 2018

  13. [13]

    Data preparation for soft- ware vulnerability prediction: A systematic literature review

    Croft, R., Xie, Y., Babar, M.A., 2022. Data preparation for soft- ware vulnerability prediction: A systematic literature review. IEEE Transactions on Software Engineering 49, 1044–1063

    work page 2022

  14. [14]

    Cui, H., Zhang, C., Cai, F., 2025. Vulgtda: A software vulnerability detection method via graph transformer and domain adaptation, in: 20255thInternationalConferenceonNeuralNetworks,Information and Communication Engineering (NNICE), IEEE. pp. 1053–1056

    work page 2025

  15. [15]

    Multivd: A transformer-based multitask approach for software vulnerability detection, in: Proceedings of the 21st International Conference on Security and Cryptography, pp

    Curto, C., Giordano, D., Palazzo, S., Indelicato, D., 2024. Multivd: A transformer-based multitask approach for software vulnerability detection, in: Proceedings of the 21st International Conference on Security and Cryptography, pp. 416–423

    work page 2024

  16. [16]

    Cwevulnerabilities

    CWE,. Cwevulnerabilities. https://cwe.mitre.org/. Accessed:2025- 11-18

    work page 2025

  17. [17]

    Devlin, J., Chang, M.W., Lee, K., Toutanova, K., 2019. Bert: Pre-training of deep bidirectional transformers for language un- derstanding, in: Proceedings of the 2019 conference of the North American chapter of the association for computational linguistics: humanlanguagetechnologies,volume1(longandshortpapers),pp. 4171–4186

    work page 2019

  18. [18]

    Automated Software Engineering 31, 40

    Do,C.X.,Luu,N.T.,Nguyen,P.T.L.,2024.Optimizingsoftwarevul- nerabilitydetectionusingrobertaandmachinelearning. Automated Software Engineering 31, 40

    work page 2024

  19. [19]

    Anovelapproachfor software vulnerability detection based on ensemble learning model

    DoXuan,C.,Quang,D.B.,Quang,V.D.,2026. Anovelapproachfor software vulnerability detection based on ensemble learning model. Computers and Electrical Engineering 130, 110848

    work page 2026

  20. [20]

    Asystematicliteraturereviewofsoftware vulnerability detection

    Eberendu, A.C., Udegbe, V.I., Ezennorom, E.O., Ibegbulam, A.C., Chinebu,T.I.,etal.,2022. Asystematicliteraturereviewofsoftware vulnerability detection. European Journal of Computer Science and Information Technology 10, 23–37

    work page 2022

  21. [21]

    Python source code vulnerability detection with named entity recognition

    Ehrenberg, M., Sarkani, S., Mazzuchi, T.A., 2024. Python source code vulnerability detection with named entity recognition. Com- puters & Security 140, 103802

    work page 2024

  22. [22]

    CodeBERT: A Pre-Trained Model for Programming and Natural Languages

    Feng,Z.,2020. Codebert:Apre-trainedmodelforprogrammingand natural languages. arXiv preprint arXiv:2002.08155

    work page internal anchor Pith review arXiv 2020

  23. [23]

    Securefalcon: Are we there yet in automated software vulnerability detection with llms? IEEE Transactions on Software Engineering

    Ferrag, M.A., Battah, A., Tihanyi, N., Jain, R., Maimuţ, D., Al- wahedi, F., Lestable, T., Thandi, N.S., Mechri, A., Debbah, M., et al., 2025a. Securefalcon: Are we there yet in automated software vulnerability detection with llms? IEEE Transactions on Software Engineering

    work page

  24. [24]

    Testing CPS with design assumptions-based metamorphic relations and genetic programming,

    Ferrag, M.A., Battah, A., Tihanyi, N., Jain, R., Maimuţ, D., Al- wahedi, F., Lestable, T., Thandi, N.S., Mechri, A., Debbah, M., Cordeiro,L.C.,2025b. Securefalcon:Arewethereyetinautomated software vulnerability detection with llms? IEEE Transactions on Software Engineering 51, 1248–1265. doi:10.1109/TSE.2025. 3548168

    work page doi:10.1109/tse.2025 2025

  25. [25]

    Ferretti,S.,D’Angelo,G.,Ghini,V.,Tomasone,M.B.,2025. Detect- ing smart contract vulnerabilities using transformers and llms, in: 2025 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops), IEEE. pp. 7–12

    work page 2025

  26. [26]

    Linevul: A transformer-based line-levelvulnerabilityprediction,in:Proceedingsofthe19thInter- nationalConferenceonMiningSoftwareRepositories,pp.608–620

    Fu, M., Tantithamthavorn, C., 2022. Linevul: A transformer-based line-levelvulnerabilityprediction,in:Proceedingsofthe19thInter- nationalConferenceonMiningSoftwareRepositories,pp.608–620

    work page 2022

  27. [27]

    sguard+: Machine learning guided rule-based automated vulnerability repair onsmartcontracts

    Gao, C., Yang, W., Ye, J., Xue, Y., Sun, J., 2024. sguard+: Machine learning guided rule-based automated vulnerability repair onsmartcontracts. ACMTransactionsonSoftwareEngineeringand Methodology 33, 1–55

    work page 2024

  28. [28]

    Software vulnerability analysis and discovery using machine-learning and data-mining techniques: A survey

    Ghaffarian, S.M., Shahriari, H.R., 2017. Software vulnerability analysis and discovery using machine-learning and data-mining techniques: A survey. ACM computing surveys (CSUR) 50, 1–36

    work page 2017

  29. [29]

    Gong, P., Yang, W., Wang, L., Wei, F., HaiLaTi, K., Liao, Y.,

    work page

  30. [30]

    Computers, Materials & Continua 76

    Gratdet:Smartcontractvulnerabilitydetectorbasedongraph representation and transformer. Computers, Materials & Continua 76

    work page

  31. [31]

    Detectbert:Codevulnerabilitydetection,in:2024 Global Conference on Communications and Information Technolo- gies (GCCIT), IEEE

    Gujar,S.S.,2024. Detectbert:Codevulnerabilitydetection,in:2024 Global Conference on Communications and Information Technolo- gies (GCCIT), IEEE. pp. 1–21

    work page 2024

  32. [32]

    Transformer-based semanticembeddingsandhybridneuralnetworksforrobustsoftware vulnerabilitydetection,in:2025InnovationsinPowerandAdvanced Computing Technologies (i-PACT), IEEE

    Gunda, B.S., Krishna, G.B., Rawat, S.S., 2025. Transformer-based semanticembeddingsandhybridneuralnetworksforrobustsoftware vulnerabilitydetection,in:2025InnovationsinPowerandAdvanced Computing Technologies (i-PACT), IEEE. pp. 1–9

    work page 2025

  33. [33]

    Gupta, A.R., Tomar, D.S., Shekhar, R., 2024. Dl-vulbert: A deep learning classifier for the identification of software vulnerabilities, in: 2024 15th International Conference on Computing Communica- tion and Networking Technologies (ICCCNT), IEEE. pp. 1–7

    work page 2024

  34. [34]

    Vulberta: Simplified source code pre-training for vulnerability detection, in: 2022 International joint conference on neural networks (IJCNN), IEEE

    Hanif, H., Maffeis, S., 2022. Vulberta: Simplified source code pre-training for vulnerability detection, in: 2022 International joint conference on neural networks (IJCNN), IEEE. pp. 1–8

    work page 2022

  35. [35]

    A systematic literature review on automated software vulnerability detection using machine learning

    Harzevili, N.s., Belle, A.b., Wang, J., Wang, S., Jiang, Z.m.j., Na- gappan, N., 2025. A systematic literature review on automated software vulnerability detection using machine learning. ACM COMPUTING SURVEYS 57

    work page 2025

  36. [36]

    Vultr: Software vulnerability detection model based on multi-layer key feature en- hancement

    He, H., Wang, S., Wang, Y., Liu, K., Yu, L., 2025. Vultr: Software vulnerability detection model based on multi-layer key feature en- hancement. Computers & Security 148, 104139

    work page 2025

  37. [37]

    Linevd: Statement- level vulnerability detection using graph neural networks, in: Pro- ceedings of the 19th international conference on mining software repositories, pp

    Hin, D., Kan, A., Chen, H., Babar, M.A., 2022. Linevd: Statement- level vulnerability detection using graph neural networks, in: Pro- ceedings of the 19th international conference on mining software repositories, pp. 596–607

    work page 2022

  38. [38]

    Avulnerability detection algorithm based on transformer model, in: International ConferenceonArtificialIntelligenceandSecurity,Springer.pp.43– 55

    Hou,F.,Zhou,K.,Li,L.,Tian,Y.,Li,J.,Li,J.,2022. Avulnerability detection algorithm based on transformer model, in: International ConferenceonArtificialIntelligenceandSecurity,Springer.pp.43– 55

    work page 2022

  39. [39]

    Anunbiasedtransformersourcecodelearningwithseman- tic vulnerability graph, in: 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P), IEEE

    Islam, N.T., Parra, G.D.L.T., Manuel, D., Bou-Harb, E., Najafirad, P.,2023. Anunbiasedtransformersourcecodelearningwithseman- tic vulnerability graph, in: 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P), IEEE. pp. 144–159

    work page 2023

  40. [40]

    Design and evalua- tion of highly accurate smart contract code vulnerability detection framework

    Jeon, S., Lee, G., Kim, H., Woo, S.S., 2024. Design and evalua- tion of highly accurate smart contract code vulnerability detection framework. Data Mining and Knowledge Discovery 38, 888–912

    work page 2024

  41. [41]

    Haformer:Semanticfusionofhexmachinecodeandassemblycode for cross-architecture binary vulnerability detection

    Jiang, X., Wang, S., Gong, Y., Yu, T., Liu, L., Yu, X., 2024. Haformer:Semanticfusionofhexmachinecodeandassemblycode for cross-architecture binary vulnerability detection. Computers & Security 145, 104029

    work page 2024

  42. [42]

    JianJie,Y.,Le,W.,2023.Codedefectdetectionmethodbasedonbert and ensemble, in: 2023 9th International Conference on Computer and Communications (ICCC), IEEE. pp. 2130–2138

    work page 2023

  43. [43]

    Kaanan,E.,Karim,T.,Shaon,M.S.H.,Sultan,M.F.,Cuzzocrea,A., Akter,M.S.,2024.Llm-basedapproachforbufferoverflowdetection insourcecode,in:202427thInternationalConferenceonComputer and Information Technology (ICCIT), IEEE. pp. 1898–1902

    work page 2024

  44. [44]

    Transfer learning for software vulnera- bility prediction using transformer models

    Kalouptsoglou, I., Siavvas, M., Ampatzoglou, A., Kehagias, D., Chatzigeorgiou, A., 2025. Transfer learning for software vulnera- bility prediction using transformer models. Journal of Systems and Software 227, 112448

    work page 2025

  45. [45]

    Katz, K., Moshtari, S., Mujhid, I., Mirakhorli, M., Garcia, D.,

    work page

  46. [46]

    Siexvults: Sensitive information exposure vulnerability de- tection system using transformer models and static analysis, in: 2025 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), IEEE. pp. 230–241

    work page 2025

  47. [47]

    Leveraging transformers to discover software vulnerabilities based on source code slices, in: Proceedings of the 2026 Australasian Information Security Confer- ence, pp

    Khan, A.R., Xu, Y., Li, Y., 2026. Leveraging transformers to discover software vulnerabilities based on source code slices, in: Proceedings of the 2026 Australasian Information Security Confer- ence, pp. 1–9

    work page 2026

  48. [48]

    Robustvulnerabilitydetection in solidity-based ethereum smart contracts using fine-tuned trans- former encoder models

    Kim,J.,Lee,S.,Kim,H.,etal.,2024. Robustvulnerabilitydetection in solidity-based ethereum smart contracts using fine-tuned trans- former encoder models. IEEE Access

    work page 2024

  49. [49]

    Kim,S.,Choi,J.,Ahmed,M.E.,Nepal,S.,Kim,H.,2022.Vuldebert: A vulnerability detection system using bert, in: 2022 IEEE Interna- tional Symposium on Software Reliability Engineering Workshops Naseer et al.:Preprint submitted to ElsevierPage 25 of 27 SLR for transformer-based Software Vulnerability detection (ISSREW), IEEE. pp. 69–74

    work page 2022

  50. [50]

    Guidelinesforperforming systematic literature reviews in software engineering

    Kitchenham,B.,Charters,S.,etal.,2007. Guidelinesforperforming systematic literature reviews in software engineering. Technical Report. Technical report, ver. 2.3 ebse technical report. ebse

    work page 2007

  51. [51]

    Asurveyondata-drivensoft- ware vulnerability assessment and prioritization

    Le,T.H.,Chen,H.,Babar,M.A.,2022. Asurveyondata-drivensoft- ware vulnerability assessment and prioritization. ACM Computing Surveys 55, 1–39

    work page 2022

  52. [52]

    Le, T.H.M., Babar, M.A., Thai, T.H., 2024. Software vulner- ability prediction in low-resource languages: An empirical study of codebert and chatgpt, in: Proceedings of the 28th International ConferenceonEvaluationandAssessmentinSoftwareEngineering, pp. 679–685

    work page 2024

  53. [53]

    Li, J., 2025. Macd: Source code vulnerability detection method integrating mamba and attention, in: 2025 7th International Con- ferenceonElectronicsandCommunication,NetworkandComputer Technology (ECNCT), IEEE. pp. 376–380

    work page 2025

  54. [54]

    Li, S., Chen, D., Zhang, J., Wang, H., Li, L., Qian, Y., Liu, H.,

    work page

  55. [55]

    Software vulnerability detection based on anomaly-attention, in: 2022 4th International Conference on Robotics and Computer Vision (ICRCV), IEEE. pp. 261–265

    work page 2022

  56. [56]

    Liang, C., Wei, Q., Jiang, Z., Wang, Y., Du, J., 2024. A source code vulnerability detection method based on adaptive graph neural networks, in: Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops, pp. 187–196

    work page 2024

  57. [57]

    Software vulnerability detection using deep neural networks: a survey

    Lin, G., Wen, S., Han, Q.L., Zhang, J., Xiang, Y., 2020. Software vulnerability detection using deep neural networks: a survey. Pro- ceedings of the IEEE 108, 1825–1848

    work page 2020

  58. [58]

    Makingvulnerabilitypre- diction more practical: Prediction, categorization, and localization

    Liu,C.,Chen,X.,Li,X.,Xue,Y.,2024a. Makingvulnerabilitypre- diction more practical: Prediction, categorization, and localization. Information and Software Technology 171, 107458

    work page

  59. [59]

    Automatic software vulnerability detection in binary code, in: International Conference on Machine Learning for Cyber Security, Springer

    Liu, S., Li, L., Ban, X., Chen, C., Zhang, J., Camtepe, S., Xiang, Y., 2024b. Automatic software vulnerability detection in binary code, in: International Conference on Machine Learning for Cyber Security, Springer. pp. 148–166

    work page

  60. [60]

    Software vulnerability detectionwithgptandin-contextlearning,in:20238thInternational Conference on Data Science in Cyberspace (DSC), IEEE

    Liu, Z., Liao, Q., Gu, W., Gao, C., 2023. Software vulnerability detectionwithgptandin-contextlearning,in:20238thInternational Conference on Data Science in Cyberspace (DSC), IEEE. pp. 229– 236

    work page 2023

  61. [61]

    Pre-training bypredictingprogramdependenciesforvulnerabilityanalysistasks, in:ProceedingsoftheIEEE/ACM46thInternationalConferenceon Software Engineering, pp

    Liu, Z., Tang, Z., Zhang, J., Xia, X., Yang, X., 2024c. Pre-training bypredictingprogramdependenciesforvulnerabilityanalysistasks, in:ProceedingsoftheIEEE/ACM46thInternationalConferenceon Software Engineering, pp. 1–13

    work page

  62. [62]

    Assessing the effectiveness of vulnerability detection via prompt tuning: An empirical study, in: 2023 30th Asia-Pacific Software Engineering Conference (APSEC), IEEE

    Lu, G., Ju, X., Chen, X., Yang, S., Chen, L., Shen, H., 2023. Assessing the effectiveness of vulnerability detection via prompt tuning: An empirical study, in: 2023 30th Asia-Pacific Software Engineering Conference (APSEC), IEEE. pp. 415–424

    work page 2023

  63. [63]

    Harnessing the power of llms in source code vulnerability detection, in: MILCOM 2024-2024 IEEE Military Communications Conference (MILCOM), IEEE

    Mahyari, A.A., 2024. Harnessing the power of llms in source code vulnerability detection, in: MILCOM 2024-2024 IEEE Military Communications Conference (MILCOM), IEEE. pp. 251–256

    work page 2024

  64. [64]

    A transformer- based ide plugin for vulnerability detection, in: Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, pp

    Mamede, C., Pinconschi, E., Abreu, R., 2022. A transformer- based ide plugin for vulnerability detection, in: Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, pp. 1–4

    work page 2022

  65. [65]

    Healthcarefrauddetectionusingadaptivelearninganddeeplearning techniques

    Matloob, I., Khan, S., Rukaiya, R., Alfraihi, H., Ali Khan, J., 2025. Healthcarefrauddetectionusingadaptivelearninganddeeplearning techniques. Evolving Systems 16, 72

    work page 2025

  66. [66]

    Secureqwen:Leverag- ingllmsforvulnerabilitydetectioninpythoncodebases

    Mechri,A.,Ferrag,M.A.,Debbah,M.,2025. Secureqwen:Leverag- ingllmsforvulnerabilitydetectioninpythoncodebases. Computers & Security 148, 104151

    work page 2025

  67. [67]

    Ladle: a method for unsupervised anomaly detection across log types

    Mylläri, J., Aalto, T., Nurminen, J.K., 2025. Ladle: a method for unsupervised anomaly detection across log types. Automated Software Engineering 32, 34

    work page 2025

  68. [68]

    Mando-hgt: Heterogeneous graph transformers for smart contract vulnerability detection, in: 2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR), IEEE

    Nguyen, H.H., Nguyen, N.M., Xie, C., Ahmadi, Z., Kudendo, D., Doan, T.N., Jiang, L., 2023. Mando-hgt: Heterogeneous graph transformers for smart contract vulnerability detection, in: 2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR), IEEE. pp. 334–346

    work page 2023

  69. [69]

    Abundant modalities offermorenutrients:Multi-modal-basedfunction-levelvulnerability detection

    Ni, C., Yin, X., Li, X., Xu, X., Yu, Z., 2025. Abundant modalities offermorenutrients:Multi-modal-basedfunction-levelvulnerability detection. ACMTransactionsonSoftwareEngineeringandMethod- ology

    work page 2025

  70. [70]

    Open science in software engineering: A study on deep learning- based vulnerability detection

    Nong, Y., Sharma, R., Hamou-Lhadj, A., Luo, X., Cai, H., 2022. Open science in software engineering: A study on deep learning- based vulnerability detection. IEEE Transactions on Software Engineering 49, 1983–2005

    work page 2022

  71. [71]

    Oladokun, O., Rice, J., 2025. How effective are pretrained pro- gramminglanguage-basedlanguagemodels(pllms)inthedetection of android vulnerabilities?, in: 2025 IEEE Canadian Conference on ElectricalandComputerEngineering(CCECE),IEEE.pp.150–154

    work page 2025

  72. [72]

    Real-world examples of application security breaches

    Pavicic, B., . Real-world examples of application security breaches. https://true-positives.com/appsec-blog/cybersecurity- breaches-real-world-examples-lessons-learned. Accessed:2025-11- 25

    work page 2025

  73. [73]

    Peng,T.,Chen,S.,Zhu,F.,Tang,J.,Liu,J.,Hu,X.,2023. Ptlvd:Pro- gramslicingandtransformer-basedline-levelvulnerabilitydetection system, in: 2023 IEEE 23rd International Working Conference on Source Code Analysis and Manipulation (SCAM), IEEE. pp. 162– 173

    work page 2023

  74. [74]

    Codebert-based embeddings for detecting vulnerable smartcontracts,in:2025IEEE50thConferenceonLocalComputer Networks (LCN), IEEE

    Perera, A., Pillai, B., Tharani, J.S., Rao, A.S., Muthukkumarasamy, V., 2025. Codebert-based embeddings for detecting vulnerable smartcontracts,in:2025IEEE50thConferenceonLocalComputer Networks (LCN), IEEE. pp. 1–9

    work page 2025

  75. [75]

    Perl,H.,Dechand,S.,Smith,M.,Arp,D.,Yamaguchi,F.,Rieck,K., Fahl,S.,Acar,Y.,2015. Vccfinder:Findingpotentialvulnerabilities in open-source projects to assist code audits, in: Proceedings of the 22nd ACM SIGSAC conference on computer and communications security, pp. 426–437

    work page 2015

  76. [76]

    Software vulnerability detection using large language models, in: 2023 IEEE 34th International Symposium on Software Reliability Engineering Workshops (ISSREW), IEEE

    Purba, M.D., Ghosh, A., Radford, B.J., Chu, B., 2023. Software vulnerability detection using large language models, in: 2023 IEEE 34th International Symposium on Software Reliability Engineering Workshops (ISSREW), IEEE. pp. 112–119

    work page 2023

  77. [77]

    Reza, S.I., Moon, I.T., Fahim, M.F.S., Alam, A., Sheikh, M.T.,

    work page

  78. [78]

    An empirical analysis of transformer-based models with lime explainability for javascript vulnerability detection, in: 2026 5th International Conference on Electrical, Computer & Telecom- munication Engineering (ICECTE), IEEE. pp. 1–6

    work page 2026

  79. [79]

    Rusinova, Z., Chernyshov, Y., Dolganov, A., 2024. Explaining of transformer-based models for vulnerable function detection, in: 2024 IEEE Ural-Siberian Conference on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT), IEEE. pp. 304–307

    work page 2024

  80. [80]

    Vulnerai: Gpt based web ap- plication vulnerability detection, in: 2024 International Conference onArtificialIntelligence,MetaverseandCybersecurity(ICAMAC), IEEE

    Saimbhi, S.S., Akpinar, K.O., 2024. Vulnerai: Gpt based web ap- plication vulnerability detection, in: 2024 International Conference onArtificialIntelligence,MetaverseandCybersecurity(ICAMAC), IEEE. pp. 1–6

    work page 2024

Showing first 80 references.