Vulnerability Detection with Code Language Models: How Far are We?

Ding, Yangruibo; Fu, Yanjun; Ibrahim, Omniyyah; Sitawarin, Chawin; Chen, Xinyun; Alomair, Basel; Wagner, David; Ray, Baishakhi; Chen, Yizheng

doi:10.1109/icse55347.2025.00038

Article · Apr 26, 2025 · Closed access

Columbia University · University of Washington · +6 more institutions

Indexed in Crossref

Abstract

In the context of the rising interest in code language models (code LMs) and vulnerability detection, we study the effectiveness of code LMs for detecting vulnerabilities. Our analysis reveals significant shortcomings in existing vulnerability datasets, including poor data quality, low label accuracy, and high duplication rates, leading to unreliable model performance in realistic vulnerability detection scenarios. Additionally, the evaluation methods used with these datasets are not representative of real-world vulnerability detection. To address these challenges, we introduce PrimeVul, a new dataset for training and evaluating code LMs for vulnerability detection. PrimeVul incorporates a novel set of data…

Citation impact

Total citations: 44

FWCI: 52.67
Percentile: 100%
References: 35

Authors: 9

Topics & keywords

Keywords

Computer science
Code (set theory)
Programming language
Vulnerability (computing)
Computer security

Funding

National Science Foundation
Awards: 2229876, 2154873, 2221943, 2313055, 1845893, 2107405