{"id":"https://openalex.org/W4416344294","doi":"https://doi.org/10.1007/978-3-032-12092-2_3","title":"Cross-Domain Evaluation of\u00a0Transformer-Based Vulnerability Detection on\u00a0Open and Industry Data","display_name":"Cross-Domain Evaluation of\u00a0Transformer-Based Vulnerability Detection on\u00a0Open and Industry Data","publication_year":2025,"publication_date":"2025-11-18","ids":{"openalex":"https://openalex.org/W4416344294","doi":"https://doi.org/10.1007/978-3-032-12092-2_3"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-032-12092-2_3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-032-12092-2_3","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-032-12092-2_3.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/978-3-032-12092-2_3.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5063211230","display_name":"Moritz Mock","orcid":"https://orcid.org/0009-0009-3156-6211"},"institutions":[{"id":"https://openalex.org/I171543936","display_name":"Free University of Bozen-Bolzano","ror":"https://ror.org/012ajp527","country_code":"IT","type":"education","lineage":["https://openalex.org/I171543936"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Moritz Mock","raw_affiliation_strings":["Faculty of Engineering, Free University of Bozen-Bolzano, Bolzano, Italy"],"affiliations":[{"raw_affiliation_string":"Faculty of Engineering, Free University of Bozen-Bolzano, Bolzano, Italy","institution_ids":["https://openalex.org/I171543936"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5098724358","display_name":"Thomas Forrer","orcid":null},"institutions":[{"id":"https://openalex.org/I4210091033","display_name":"Ospedale di Bolzano","ror":"https://ror.org/00cmk4n56","country_code":"IT","type":"healthcare","lineage":["https://openalex.org/I4210091033"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Thomas Forrer","raw_affiliation_strings":["R&D Department, W\u00fcrth Phoenix, Bolzano, Italy"],"affiliations":[{"raw_affiliation_string":"R&D Department, W\u00fcrth Phoenix, Bolzano, Italy","institution_ids":["https://openalex.org/I4210091033"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5014354355","display_name":"Barbara Russo","orcid":"https://orcid.org/0000-0003-3737-9264"},"institutions":[{"id":"https://openalex.org/I171543936","display_name":"Free University of Bozen-Bolzano","ror":"https://ror.org/012ajp527","country_code":"IT","type":"education","lineage":["https://openalex.org/I171543936"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Barbara Russo","raw_affiliation_strings":["Faculty of Engineering, Free University of Bozen-Bolzano, Bolzano, Italy"],"affiliations":[{"raw_affiliation_string":"Faculty of Engineering, Free University of Bozen-Bolzano, Bolzano, Italy","institution_ids":["https://openalex.org/I171543936"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5063211230"],"corresponding_institution_ids":["https://openalex.org/I171543936"],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":{"value":5000,"currency":"EUR","value_usd":5392},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.69919403,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"36","last_page":"52"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.3862999975681305,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.3862999975681305,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.3443000018596649,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.10559999942779541,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6370000243186951},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6323999762535095},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.5906000137329102},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.5415999889373779},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.5145000219345093},{"id":"https://openalex.org/keywords/subject-matter-expert","display_name":"Subject-matter expert","score":0.3352000117301941},{"id":"https://openalex.org/keywords/field","display_name":"Field (mathematics)","score":0.3255999982357025}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8676000237464905},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6370000243186951},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6323999762535095},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.5906000137329102},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.5415999889373779},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.5145000219345093},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.47870001196861267},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.43160000443458557},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.40549999475479126},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3352000117301941},{"id":"https://openalex.org/C105002631","wikidata":"https://www.wikidata.org/wiki/Q4833645","display_name":"Subject-matter expert","level":3,"score":0.3352000117301941},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.3255999982357025},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3160000145435333},{"id":"https://openalex.org/C19527686","wikidata":"https://www.wikidata.org/wiki/Q1665453","display_name":"System integration","level":2,"score":0.30869999527931213},{"id":"https://openalex.org/C207685749","wikidata":"https://www.wikidata.org/wiki/Q2088941","display_name":"Domain knowledge","level":2,"score":0.3061000108718872},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3003999888896942},{"id":"https://openalex.org/C136536468","wikidata":"https://www.wikidata.org/wiki/Q1225894","display_name":"Undersampling","level":2,"score":0.2962999939918518},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.29490000009536743},{"id":"https://openalex.org/C557471498","wikidata":"https://www.wikidata.org/wiki/Q554950","display_name":"Recommender system","level":2,"score":0.2854999899864197},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.27239999175071716},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.2639999985694885},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.25450000166893005}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1007/978-3-032-12092-2_3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-032-12092-2_3","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-032-12092-2_3.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},{"id":"pmh:oai:arXiv.org:2509.09313","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2509.09313","pdf_url":"https://arxiv.org/pdf/2509.09313","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"pmh:oai:unibz.it:11351360640001241","is_oa":true,"landing_page_url":"https://bia.unibz.it/esploro/outputs/conferenceProceeding/Cross-Domain-Evaluation-of-Transformer-Based-Vulnerability-Detection/991007166834501241","pdf_url":null,"source":{"id":"https://openalex.org/S4210197018","display_name":"View","issn_l":"2688-268X","issn":["2688-268X","2688-3988"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310320595","host_organization_name":"Wiley","host_organization_lineage":["https://openalex.org/P4310320595"],"host_organization_lineage_names":["Wiley"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Conference Proceedings"}],"best_oa_location":{"id":"doi:10.1007/978-3-032-12092-2_3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-032-12092-2_3","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-032-12092-2_3.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1857088242","display_name":null,"funder_award_id":"Mission 4","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G2918056383","display_name":null,"funder_award_id":"Next Generation EU","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G5997159177","display_name":null,"funder_award_id":"Next Generation","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G7211444561","display_name":null,"funder_award_id":"EFRE1039","funder_id":"https://openalex.org/F4320325400","funder_display_name":"Libera Universit\u00e0 di Bolzano"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320325400","display_name":"Libera Universit\u00e0 di Bolzano","ror":"https://ror.org/012ajp527"},{"id":"https://openalex.org/F4320335322","display_name":"European Regional Development Fund","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4416344294.pdf","grobid_xml":"https://content.openalex.org/works/W4416344294.grobid-xml"},"referenced_works_count":22,"referenced_works":["https://openalex.org/W2026513874","https://openalex.org/W2781491433","https://openalex.org/W2796056969","https://openalex.org/W3014251356","https://openalex.org/W3091588759","https://openalex.org/W3098605233","https://openalex.org/W3153018678","https://openalex.org/W4241970501","https://openalex.org/W4254751698","https://openalex.org/W4312436517","https://openalex.org/W4312969325","https://openalex.org/W4384345694","https://openalex.org/W4389159189","https://openalex.org/W4391558392","https://openalex.org/W4400351643","https://openalex.org/W4400484795","https://openalex.org/W4403413408","https://openalex.org/W4403537030","https://openalex.org/W4406237077","https://openalex.org/W4411271074","https://openalex.org/W4411360016","https://openalex.org/W4411360089"],"related_works":[],"abstract_inverted_index":{"Deep":[0],"learning":[1,52],"solutions":[2],"for":[3,74,104,119],"vulnerability":[4,116],"detection":[5,117,195],"proposed":[6],"in":[7,19,53,78],"academic":[8,46],"research":[9],"are":[10,61],"not":[11],"always":[12],"accessible":[13],"to":[14,30,35,133],"developers,":[15],"and":[16,42,47,56,80,93,98,135],"their":[17],"applicability":[18],"industrial":[20,48,79,96,166],"settings":[21],"is":[22],"rarely":[23],"addressed.":[24],"Transferring":[25],"such":[26],"technologies":[27],"from":[28],"academia":[29],"industry":[31],"presents":[32],"challenges":[33],"related":[34],"trustworthiness,":[36],"legacy":[37],"systems,":[38],"limited":[39],"digital":[40],"literacy,":[41],"the":[43,70,147,155,172,194],"gap":[44],"between":[45],"expertise.":[49],"For":[50],"deep":[51,183],"particular,":[54],"performance":[55,71,177],"integration":[57],"into":[58],"existing":[59],"workflows":[60],"additional":[62],"concerns.":[63],"In":[64],"this":[65],"work,":[66],"we":[67,112,145],"first":[68],"evaluate":[69],"of":[72,196],"CodeBERT":[73,132],"detecting":[75],"vulnerable":[76],"functions":[77],"open-source":[81,91,179],"software.":[82],"We":[83],"analyse":[84],"its":[85],"cross-domain":[86],"generalisation":[87],"when":[88],"fine-tuned":[89,131,185],"on":[90,95,109,165,178,186],"data":[92,167],"tested":[94],"data,":[97,188],"vice":[99],"versa,":[100],"also":[101],"exploring":[102],"strategies":[103],"handling":[105],"class":[106],"imbalance.":[107],"Based":[108],"these":[110],"results,":[111],"develop":[113],"AI-DO":[114],"(Automating":[115],"Integration":[118],"Developers\u2019":[120],"Operations),":[121],"a":[122,152,182],"Continuous":[123],"Integration\u2013Continuous":[124],"Deployment":[125],"(CI/CD)-integrated":[126],"recommender":[127],"system":[128],"that":[129,162],"uses":[130],"detect":[134,168],"localise":[136],"vulnerabilities":[137,169],"during":[138],"code":[139],"review":[140],"without":[141],"disrupting":[142],"workflows.":[143],"Finally,":[144],"assess":[146],"tool\u2019s":[148],"perceived":[149],"usefulness":[150],"through":[151],"survey":[153],"with":[154,189],"company\u2019s":[156],"IT":[157],"professionals.":[158],"Our":[159],"results":[160],"show":[161],"models":[163],"trained":[164],"accurately":[170],"within":[171],"same":[173],"domain":[174],"but":[175],"lose":[176],"code,":[180],"while":[181],"learner":[184],"open":[187],"appropriate":[190],"undersampling":[191],"techniques,":[192],"improves":[193],"vulnerabilities.":[197]},"counts_by_year":[],"updated_date":"2026-04-14T08:04:32.555800","created_date":"2025-10-10T00:00:00"}