{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2025:BEQN6PSTWZFSONQVWPOSTJW4SW","short_pith_number":"pith:BEQN6PST","canonical_record":{"source":{"id":"2504.16584","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2025-04-23T10:05:27Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"a8d50d712b20a291ebf0c48b21161112c8a724f2707296b4094d09c867d01aab","abstract_canon_sha256":"41b2de66e8e4228fed0edfc14fb7c327e1784612bb9bead3fc6ed777c9a706a9"},"schema_version":"1.0"},"canonical_sha256":"0920df3e53b64b273615b3dd29a6dc95971f872cca82a2f95b1c7bfe0ada7b31","source":{"kind":"arxiv","id":"2504.16584","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2504.16584","created_at":"2026-05-18T03:09:36Z"},{"alias_kind":"arxiv_version","alias_value":"2504.16584v1","created_at":"2026-05-18T03:09:36Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2504.16584","created_at":"2026-05-18T03:09:36Z"},{"alias_kind":"pith_short_12","alias_value":"BEQN6PSTWZFS","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_16","alias_value":"BEQN6PSTWZFSONQV","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_8","alias_value":"BEQN6PST","created_at":"2026-05-18T12:33:37Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2025:BEQN6PSTWZFSONQVWPOSTJW4SW","target":"record","payload":{"canonical_record":{"source":{"id":"2504.16584","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2025-04-23T10:05:27Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"a8d50d712b20a291ebf0c48b21161112c8a724f2707296b4094d09c867d01aab","abstract_canon_sha256":"41b2de66e8e4228fed0edfc14fb7c327e1784612bb9bead3fc6ed777c9a706a9"},"schema_version":"1.0"},"canonical_sha256":"0920df3e53b64b273615b3dd29a6dc95971f872cca82a2f95b1c7bfe0ada7b31","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T03:09:36.034645Z","signature_b64":"fC/YUFYHgJi2CRXzHhism/wK8tCsZw2A5SXDMRewCVV47vV9KGtVLn9dlkbtvgJwz4xWMgEYfWS2lrarwu13Dg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"0920df3e53b64b273615b3dd29a6dc95971f872cca82a2f95b1c7bfe0ada7b31","last_reissued_at":"2026-05-18T03:09:36.033998Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T03:09:36.033998Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2504.16584","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T03:09:36Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"isrTi5GliRNkI78YML02kPOLk4zP02JlvDbTtLw+OhE2mEE7I91+wtmbGGsmuz5Nc8mZXAOOsZ85PNgYEy1KAA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-04T22:00:30.543140Z"},"content_sha256":"c366e73e40ce7446722373bbf4b2857d1d1871be86743c68885ac728c5c901fd","schema_version":"1.0","event_id":"sha256:c366e73e40ce7446722373bbf4b2857d1d1871be86743c68885ac728c5c901fd"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2025:BEQN6PSTWZFSONQVWPOSTJW4SW","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Case Study: Fine-tuning Small Language Models for Accurate and Private CWE Detection in Python Code","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.AI"],"primary_cat":"cs.CR","authors_text":"Bangladesh), Bangladesh University of Engineering Technology, Communication Technology, Dhaka, Dinajpur, Hossen A Mustafa (Institute of Information, Md. Azizul Hakim Bappy (Institute of Information, Prottoy Saha (Institute of Information, Rajinus Salehat (Hajee Mohammad Danesh Science, Technology University","submitted_at":"2025-04-23T10:05:27Z","abstract_excerpt":"Large Language Models (LLMs) have demonstrated significant capabilities in understanding and analyzing code for security vulnerabilities, such as Common Weakness Enumerations (CWEs). However, their reliance on cloud infrastructure and substantial computational requirements pose challenges for analyzing sensitive or proprietary codebases due to privacy concerns and inference costs. This work explores the potential of Small Language Models (SLMs) as a viable alternative for accurate, on-premise vulnerability detection. We investigated whether a 350-million parameter pre-trained code model (codeg"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2504.16584","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T03:09:36Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"cF09ZWa9kH5RfVsT4mZZFCfEz7R3bKmN7ZQult6GoS7N9fwdFks5j5rnD7Swh0iGT0Mv+Tn3JMfQdca1M1GXDQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-04T22:00:30.543870Z"},"content_sha256":"03ef2ca0dbf3294668c41348b01522dba915091f82a879acddc86e5f101eb8b6","schema_version":"1.0","event_id":"sha256:03ef2ca0dbf3294668c41348b01522dba915091f82a879acddc86e5f101eb8b6"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/BEQN6PSTWZFSONQVWPOSTJW4SW/bundle.json","state_url":"https://pith.science/pith/BEQN6PSTWZFSONQVWPOSTJW4SW/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/BEQN6PSTWZFSONQVWPOSTJW4SW/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-04T22:00:30Z","links":{"resolver":"https://pith.science/pith/BEQN6PSTWZFSONQVWPOSTJW4SW","bundle":"https://pith.science/pith/BEQN6PSTWZFSONQVWPOSTJW4SW/bundle.json","state":"https://pith.science/pith/BEQN6PSTWZFSONQVWPOSTJW4SW/state.json","well_known_bundle":"https://pith.science/.well-known/pith/BEQN6PSTWZFSONQVWPOSTJW4SW/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2025:BEQN6PSTWZFSONQVWPOSTJW4SW","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"41b2de66e8e4228fed0edfc14fb7c327e1784612bb9bead3fc6ed777c9a706a9","cross_cats_sorted":["cs.AI"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2025-04-23T10:05:27Z","title_canon_sha256":"a8d50d712b20a291ebf0c48b21161112c8a724f2707296b4094d09c867d01aab"},"schema_version":"1.0","source":{"id":"2504.16584","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2504.16584","created_at":"2026-05-18T03:09:36Z"},{"alias_kind":"arxiv_version","alias_value":"2504.16584v1","created_at":"2026-05-18T03:09:36Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2504.16584","created_at":"2026-05-18T03:09:36Z"},{"alias_kind":"pith_short_12","alias_value":"BEQN6PSTWZFS","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_16","alias_value":"BEQN6PSTWZFSONQV","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_8","alias_value":"BEQN6PST","created_at":"2026-05-18T12:33:37Z"}],"graph_snapshots":[{"event_id":"sha256:03ef2ca0dbf3294668c41348b01522dba915091f82a879acddc86e5f101eb8b6","target":"graph","created_at":"2026-05-18T03:09:36Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Large Language Models (LLMs) have demonstrated significant capabilities in understanding and analyzing code for security vulnerabilities, such as Common Weakness Enumerations (CWEs). However, their reliance on cloud infrastructure and substantial computational requirements pose challenges for analyzing sensitive or proprietary codebases due to privacy concerns and inference costs. This work explores the potential of Small Language Models (SLMs) as a viable alternative for accurate, on-premise vulnerability detection. We investigated whether a 350-million parameter pre-trained code model (codeg","authors_text":"Bangladesh), Bangladesh University of Engineering Technology, Communication Technology, Dhaka, Dinajpur, Hossen A Mustafa (Institute of Information, Md. Azizul Hakim Bappy (Institute of Information, Prottoy Saha (Institute of Information, Rajinus Salehat (Hajee Mohammad Danesh Science, Technology University","cross_cats":["cs.AI"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2025-04-23T10:05:27Z","title":"Case Study: Fine-tuning Small Language Models for Accurate and Private CWE Detection in Python Code"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2504.16584","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:c366e73e40ce7446722373bbf4b2857d1d1871be86743c68885ac728c5c901fd","target":"record","created_at":"2026-05-18T03:09:36Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"41b2de66e8e4228fed0edfc14fb7c327e1784612bb9bead3fc6ed777c9a706a9","cross_cats_sorted":["cs.AI"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2025-04-23T10:05:27Z","title_canon_sha256":"a8d50d712b20a291ebf0c48b21161112c8a724f2707296b4094d09c867d01aab"},"schema_version":"1.0","source":{"id":"2504.16584","kind":"arxiv","version":1}},"canonical_sha256":"0920df3e53b64b273615b3dd29a6dc95971f872cca82a2f95b1c7bfe0ada7b31","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"0920df3e53b64b273615b3dd29a6dc95971f872cca82a2f95b1c7bfe0ada7b31","first_computed_at":"2026-05-18T03:09:36.033998Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T03:09:36.033998Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"fC/YUFYHgJi2CRXzHhism/wK8tCsZw2A5SXDMRewCVV47vV9KGtVLn9dlkbtvgJwz4xWMgEYfWS2lrarwu13Dg==","signature_status":"signed_v1","signed_at":"2026-05-18T03:09:36.034645Z","signed_message":"canonical_sha256_bytes"},"source_id":"2504.16584","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:c366e73e40ce7446722373bbf4b2857d1d1871be86743c68885ac728c5c901fd","sha256:03ef2ca0dbf3294668c41348b01522dba915091f82a879acddc86e5f101eb8b6"],"state_sha256":"21a6995024016de395997b0b6869d2bbcf5ddc6aaa7f2b9c108f657dbbf76a44"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"JC7RXQy4cQTDqXIhdOlgIQxOfhldPulO04Va46XuMgeP3xp9KRnIHA7n2cdV6fphcrl8Iu4RmTgDjPAYsB6sCg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-04T22:00:30.545891Z","bundle_sha256":"1a5192083d6c2ef4ce5b704fb3749a4b65636b0ea86b101410d2d73b5f4d5b26"}}