{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2024:SLFAEP5WHROX4MPL4HZFZZC7QL","short_pith_number":"pith:SLFAEP5W","schema_version":"1.0","canonical_sha256":"92ca023fb63c5d7e31ebe1f25ce45f82e3c06cfbd893534a52fc45282f2f2087","source":{"kind":"arxiv","id":"2403.18624","version":2},"attestation_state":"computed","paper":{"title":"Vulnerability Detection with Code Language Models: How Far Are We?","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.CL"],"primary_cat":"cs.SE","authors_text":"Baishakhi Ray, Basel Alomair, Chawin Sitawarin, David Wagner, Omniyyah Ibrahim, Xinyun Chen, Yangruibo Ding, Yanjun Fu, Yizheng Chen","submitted_at":"2024-03-27T14:34:29Z","abstract_excerpt":"In the context of the rising interest in code language models (code LMs) and vulnerability detection, we study the effectiveness of code LMs for detecting vulnerabilities. Our analysis reveals significant shortcomings in existing vulnerability datasets, including poor data quality, low label accuracy, and high duplication rates, leading to unreliable model performance in realistic vulnerability detection scenarios. Additionally, the evaluation methods used with these datasets are not representative of real-world vulnerability detection.\n  To address these challenges, we introduce PrimeVul, a n"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2403.18624","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2024-03-27T14:34:29Z","cross_cats_sorted":["cs.CL"],"title_canon_sha256":"435a225d96be32f546fef27cdc7eca174defabfd8ecbede2f5f78a1e257519ed","abstract_canon_sha256":"90ba4de409cf8ab807f7048768583887043ca0d2631e2974ce135065af01002c"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-05T08:42:03.242642Z","signature_b64":"SWqp0YIYNn0X5Iajj1PfL5OwtbGRJhX/HTREFneLh4nj0DHvgmbk4gq6HGjns9682egAAkdt3UpSiVJGISNwCQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"92ca023fb63c5d7e31ebe1f25ce45f82e3c06cfbd893534a52fc45282f2f2087","last_reissued_at":"2026-07-05T08:42:03.242180Z","signature_status":"signed_v1","first_computed_at":"2026-07-05T08:42:03.242180Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Vulnerability Detection with Code Language Models: How Far Are We?","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.CL"],"primary_cat":"cs.SE","authors_text":"Baishakhi Ray, Basel Alomair, Chawin Sitawarin, David Wagner, Omniyyah Ibrahim, Xinyun Chen, Yangruibo Ding, Yanjun Fu, Yizheng Chen","submitted_at":"2024-03-27T14:34:29Z","abstract_excerpt":"In the context of the rising interest in code language models (code LMs) and vulnerability detection, we study the effectiveness of code LMs for detecting vulnerabilities. Our analysis reveals significant shortcomings in existing vulnerability datasets, including poor data quality, low label accuracy, and high duplication rates, leading to unreliable model performance in realistic vulnerability detection scenarios. Additionally, the evaluation methods used with these datasets are not representative of real-world vulnerability detection.\n  To address these challenges, we introduce PrimeVul, a n"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2403.18624","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2403.18624/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2403.18624","created_at":"2026-07-05T08:42:03.242236+00:00"},{"alias_kind":"arxiv_version","alias_value":"2403.18624v2","created_at":"2026-07-05T08:42:03.242236+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2403.18624","created_at":"2026-07-05T08:42:03.242236+00:00"},{"alias_kind":"pith_short_12","alias_value":"SLFAEP5WHROX","created_at":"2026-07-05T08:42:03.242236+00:00"},{"alias_kind":"pith_short_16","alias_value":"SLFAEP5WHROX4MPL","created_at":"2026-07-05T08:42:03.242236+00:00"},{"alias_kind":"pith_short_8","alias_value":"SLFAEP5W","created_at":"2026-07-05T08:42:03.242236+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":26,"internal_anchor_count":0,"sample":[{"citing_arxiv_id":"2606.25356","citing_title":"Representation Matters: An Empirical Study of Program Representations for LLM Vulnerability Reasoning","ref_index":2,"is_internal_anchor":false},{"citing_arxiv_id":"2606.20502","citing_title":"Calibration Without Comprehension: Diagnosing the Limits of Fine-Tuning LLMs for Vulnerability Detection in Systems Software","ref_index":21,"is_internal_anchor":false},{"citing_arxiv_id":"2606.07363","citing_title":"On the Shoulders of Giants: Empowering Automated Smart Contract Auditing via the GiAnt Corpus","ref_index":13,"is_internal_anchor":false},{"citing_arxiv_id":"2606.04460","citing_title":"CyberGym-E2E: Scalable Real-World Benchmark for AI Agents' End-to-End Cybersecurity Capabilities","ref_index":4,"is_internal_anchor":false},{"citing_arxiv_id":"2606.03387","citing_title":"Bastet: A Fine-Grained Expert-Labeled Dataset for DeFi Smart Contract Vulnerability Detection","ref_index":5,"is_internal_anchor":false},{"citing_arxiv_id":"2605.28602","citing_title":"Satisfiability Solving with LLMs: A Matched-Pair Evaluation of Reasoning Capability","ref_index":15,"is_internal_anchor":false},{"citing_arxiv_id":"2605.29901","citing_title":"Dissecting the Black Box: Circuit-Level Analysis of LLM Vulnerability Detection","ref_index":7,"is_internal_anchor":false},{"citing_arxiv_id":"2412.11194","citing_title":"Direction for Detection: A Survey of Automated Vulnerability Detection and all of its Pain Points","ref_index":141,"is_internal_anchor":false},{"citing_arxiv_id":"2503.14281","citing_title":"XOXO: Stealthy Cross-Origin Context Poisoning Attacks against AI Coding Assistants","ref_index":17,"is_internal_anchor":false},{"citing_arxiv_id":"2601.22655","citing_title":"Do Fine-Tuned LLMs Understand Vulnerabilities? An Investigation into the Semantic Trap","ref_index":7,"is_internal_anchor":false},{"citing_arxiv_id":"2605.21615","citing_title":"ASSEMBLAGE-DEEPHISTORY: A Cross-Build Binary Dataset with Temporal Coverage","ref_index":19,"is_internal_anchor":false},{"citing_arxiv_id":"2605.20788","citing_title":"BioDefect: The First Dataset for Defect Detection in Bioinformatics Software","ref_index":19,"is_internal_anchor":false},{"citing_arxiv_id":"2509.09192","citing_title":"ReDef: Do Code Language Models Truly Understand Code Changes for Just-in-Time Software Defect Prediction?","ref_index":9,"is_internal_anchor":false},{"citing_arxiv_id":"2511.05476","citing_title":"A Metamorphic Testing Perspective on Knowledge Distillation for Language Models of Code: Does the Student Deeply Mimic the Teacher?","ref_index":4,"is_internal_anchor":false},{"citing_arxiv_id":"2601.02438","citing_title":"Focus on What Matters: Fisher-Guided Adaptive Multimodal Fusion for Vulnerability Detection","ref_index":6,"is_internal_anchor":false},{"citing_arxiv_id":"2605.15097","citing_title":"Veritas: A Semantically Grounded Agentic Framework for Memory Corruption Vulnerability Detection in Binaries","ref_index":14,"is_internal_anchor":false},{"citing_arxiv_id":"2605.13138","citing_title":"Code-Centric Detection of Vulnerability-Fixing Commits: A Unified Benchmark and Empirical Study","ref_index":9,"is_internal_anchor":false},{"citing_arxiv_id":"2605.09461","citing_title":"VulTriage: Triple-Path Context Augmentation for LLM-Based Vulnerability Detection","ref_index":1,"is_internal_anchor":false},{"citing_arxiv_id":"2605.09461","citing_title":"VulTriage: Triple-Path Context Augmentation for LLM-Based Vulnerability Detection","ref_index":1,"is_internal_anchor":false},{"citing_arxiv_id":"2604.25711","citing_title":"Learning Generalizable Multimodal Representations for Software Vulnerability Detection","ref_index":15,"is_internal_anchor":false},{"citing_arxiv_id":"2605.05807","citing_title":"LCC-LLM: Leveraging Code-Centric Large Language Models for Malware Attribution","ref_index":13,"is_internal_anchor":false},{"citing_arxiv_id":"2604.10800","citing_title":"Verify Before You Fix: Agentic Execution Grounding for Trustworthy Cross-Language Code Analysis","ref_index":14,"is_internal_anchor":false},{"citing_arxiv_id":"2604.10767","citing_title":"VulWeaver: Weaving Broken Semantics for Grounded Vulnerability Detection","ref_index":9,"is_internal_anchor":false},{"citing_arxiv_id":"2604.08417","citing_title":"Vulnerability Detection with Interprocedural Context in Multiple Languages: Assessing Effectiveness and Cost of Modern LLMs","ref_index":4,"is_internal_anchor":false},{"citing_arxiv_id":"2604.06618","citing_title":"PoC-Adapt: Semantic-Aware Automated Vulnerability Reproduction with LLM Multi-Agents and Reinforcement Learning-Driven Adaptive Policy","ref_index":43,"is_internal_anchor":false}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/SLFAEP5WHROX4MPL4HZFZZC7QL","json":"https://pith.science/pith/SLFAEP5WHROX4MPL4HZFZZC7QL.json","graph_json":"https://pith.science/api/pith-number/SLFAEP5WHROX4MPL4HZFZZC7QL/graph.json","events_json":"https://pith.science/api/pith-number/SLFAEP5WHROX4MPL4HZFZZC7QL/events.json","paper":"https://pith.science/paper/SLFAEP5W"},"agent_actions":{"view_html":"https://pith.science/pith/SLFAEP5WHROX4MPL4HZFZZC7QL","download_json":"https://pith.science/pith/SLFAEP5WHROX4MPL4HZFZZC7QL.json","view_paper":"https://pith.science/paper/SLFAEP5W","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2403.18624&json=true","fetch_graph":"https://pith.science/api/pith-number/SLFAEP5WHROX4MPL4HZFZZC7QL/graph.json","fetch_events":"https://pith.science/api/pith-number/SLFAEP5WHROX4MPL4HZFZZC7QL/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/SLFAEP5WHROX4MPL4HZFZZC7QL/action/timestamp_anchor","attest_storage":"https://pith.science/pith/SLFAEP5WHROX4MPL4HZFZZC7QL/action/storage_attestation","attest_author":"https://pith.science/pith/SLFAEP5WHROX4MPL4HZFZZC7QL/action/author_attestation","sign_citation":"https://pith.science/pith/SLFAEP5WHROX4MPL4HZFZZC7QL/action/citation_signature","submit_replication":"https://pith.science/pith/SLFAEP5WHROX4MPL4HZFZZC7QL/action/replication_record"}},"created_at":"2026-07-05T08:42:03.242236+00:00","updated_at":"2026-07-05T08:42:03.242236+00:00"}