{"id":"https://openalex.org/W4386231786","doi":"https://doi.org/10.1109/tdsc.2023.3308897","title":"Pre-Trained Model-Based Automated Software Vulnerability Repair: How Far are We?","display_name":"Pre-Trained Model-Based Automated Software Vulnerability Repair: How Far are We?","publication_year":2023,"publication_date":"2023-08-28","ids":{"openalex":"https://openalex.org/W4386231786","doi":"https://doi.org/10.1109/tdsc.2023.3308897"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2023.3308897","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2023.3308897","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101756397","display_name":"Quanjun Zhang","orcid":"https://orcid.org/0000-0002-2495-3805"},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Quanjun Zhang","raw_affiliation_strings":["State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China"],"raw_orcid":"https://orcid.org/0000-0002-2495-3805","affiliations":[{"raw_affiliation_string":"State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China","institution_ids":["https://openalex.org/I881766915"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075174750","display_name":"Chunrong Fang","orcid":"https://orcid.org/0000-0002-9930-7111"},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chunrong Fang","raw_affiliation_strings":["State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China"],"raw_orcid":"https://orcid.org/0000-0002-9930-7111","affiliations":[{"raw_affiliation_string":"State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China","institution_ids":["https://openalex.org/I881766915"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101188063","display_name":"Bowen Yu","orcid":"https://orcid.org/0009-0008-9642-7880"},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bowen Yu","raw_affiliation_strings":["State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China"],"raw_orcid":"https://orcid.org/0009-0008-9642-7880","affiliations":[{"raw_affiliation_string":"State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China","institution_ids":["https://openalex.org/I881766915"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013856385","display_name":"Weisong Sun","orcid":"https://orcid.org/0000-0001-9236-8264"},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Weisong Sun","raw_affiliation_strings":["State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China"],"raw_orcid":"https://orcid.org/0000-0001-9236-8264","affiliations":[{"raw_affiliation_string":"State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China","institution_ids":["https://openalex.org/I881766915"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112989160","display_name":"Tongke Zhang","orcid":"https://orcid.org/0009-0002-0012-3628"},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tongke Zhang","raw_affiliation_strings":["State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China"],"raw_orcid":"https://orcid.org/0009-0002-0012-3628","affiliations":[{"raw_affiliation_string":"State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China","institution_ids":["https://openalex.org/I881766915"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100422935","display_name":"Zhenyu Chen","orcid":"https://orcid.org/0000-0002-9592-7022"},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhenyu Chen","raw_affiliation_strings":["State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China"],"raw_orcid":"https://orcid.org/0000-0002-9592-7022","affiliations":[{"raw_affiliation_string":"State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China","institution_ids":["https://openalex.org/I881766915"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5101756397"],"corresponding_institution_ids":["https://openalex.org/I881766915"],"apc_list":null,"apc_paid":null,"fwci":19.282,"has_fulltext":false,"cited_by_count":43,"citation_normalized_percentile":{"value":0.99315483,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":"21","issue":"4","first_page":"2507","last_page":"2525"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7960540056228638},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6895851492881775},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5989429950714111},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.5934222340583801},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5468962788581848},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5468456745147705},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5387026071548462},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.462239533662796},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.42437657713890076},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3568766713142395},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.33874714374542236},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2561061978340149},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.21444422006607056},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.1285967230796814},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.08558258414268494}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7960540056228638},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6895851492881775},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5989429950714111},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.5934222340583801},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5468962788581848},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5468456745147705},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5387026071548462},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.462239533662796},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.42437657713890076},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3568766713142395},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.33874714374542236},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2561061978340149},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.21444422006607056},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.1285967230796814},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.08558258414268494},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2023.3308897","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2023.3308897","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Decent work and economic growth","id":"https://metadata.un.org/sdg/8","score":0.699999988079071}],"awards":[{"id":"https://openalex.org/G3196640441","display_name":null,"funder_award_id":"61932012","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5572212565","display_name":null,"funder_award_id":"62141215","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8662163125","display_name":null,"funder_award_id":"62372228","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":56,"referenced_works":["https://openalex.org/W1607167266","https://openalex.org/W2153881107","https://openalex.org/W2367798545","https://openalex.org/W2535617737","https://openalex.org/W2759944965","https://openalex.org/W2766411424","https://openalex.org/W2794889478","https://openalex.org/W2885030880","https://openalex.org/W2896457183","https://openalex.org/W2907705732","https://openalex.org/W2910203822","https://openalex.org/W2943981992","https://openalex.org/W2947362543","https://openalex.org/W2955426500","https://openalex.org/W2972082064","https://openalex.org/W2979566992","https://openalex.org/W2998879504","https://openalex.org/W3048253066","https://openalex.org/W3090891670","https://openalex.org/W3091588759","https://openalex.org/W3094130708","https://openalex.org/W3098605233","https://openalex.org/W3126675481","https://openalex.org/W3129269689","https://openalex.org/W3156480510","https://openalex.org/W3161997752","https://openalex.org/W3166095789","https://openalex.org/W3177813494","https://openalex.org/W3183469243","https://openalex.org/W3193682477","https://openalex.org/W3198685994","https://openalex.org/W4207068100","https://openalex.org/W4210660460","https://openalex.org/W4221166942","https://openalex.org/W4225592887","https://openalex.org/W4281479826","https://openalex.org/W4284674057","https://openalex.org/W4284709233","https://openalex.org/W4285490485","https://openalex.org/W4288089799","https://openalex.org/W4308641648","https://openalex.org/W4384304728","https://openalex.org/W4385187421","https://openalex.org/W4385245566","https://openalex.org/W4388422146","https://openalex.org/W4388482966","https://openalex.org/W6631190155","https://openalex.org/W6752526365","https://openalex.org/W6755207826","https://openalex.org/W6769627184","https://openalex.org/W6778883912","https://openalex.org/W6783227185","https://openalex.org/W6784319041","https://openalex.org/W6790588633","https://openalex.org/W6798182279","https://openalex.org/W6810604016"],"related_works":["https://openalex.org/W1883246888","https://openalex.org/W2370114625","https://openalex.org/W1756374135","https://openalex.org/W2062873522","https://openalex.org/W2947584067","https://openalex.org/W2280562859","https://openalex.org/W230721595","https://openalex.org/W3157230915","https://openalex.org/W1496728123","https://openalex.org/W2789975780"],"abstract_inverted_index":{"Various":[0],"approaches":[1],"are":[2],"proposed":[3],"to":[4,9,25,31,56,61,69,73,122,233,275],"help":[5],"under-resourced":[6],"security":[7,23,51,75,278,287],"researchers":[8,24],"detect":[10],"and":[11,20,35,47,77,98,105,171,227,237,280],"analyze":[12],"software":[13,39,54],"vulnerabilities.":[14],"It":[15],"is":[16,100],"still":[17],"incredibly":[18],"time-consuming":[19],"labor-intensive":[21],"for":[22,255],"fix":[26,74],"such":[27,199],"reported":[28],"vulnerabilities":[29,76,279],"due":[30],"the":[32,45,87,113,141,160,175,181,192,206,235,251,262,268,282],"increasing":[33],"size":[34],"complexity":[36],"of":[37,49,89,150,162,209,239,253,271,286],"modern":[38],"systems.":[40],"The":[41,126],"time":[42],"lag":[43],"between":[44],"reporting":[46],"fixing":[48],"a":[50,147,185,200,228],"vulnerability":[52,124,131,176,187,259],"causes":[53],"systems":[55],"suffer":[57],"from":[58,195,221],"significant":[59],"exposure":[60],"possible":[62],"attacks.":[63],"Very":[64],"recently,":[65],"some":[66],"techniques":[67],"propose":[68],"apply":[70],"pretrained":[71],"models":[72,92,121,138,211,274],"have":[78],"proved":[79],"their":[80,103],"success":[81],"in":[82,174,261,289],"improving":[83],"repair":[84,172,177,188,260],"accuracy.":[85],"However,":[86],"effectiveness":[88],"existing":[90],"pre-trained":[91,120,137,210,240,257,273],"has":[93],"not":[94],"been":[95],"systematically":[96],"compared":[97],"little":[99],"known":[101],"about":[102],"advantages":[104],"disadvantages.":[106],"To":[107],"bridge":[108],"this":[109],"gap,":[110],"we":[111,183,217,244],"perform":[112],"first":[114],"extensive":[115],"study":[116,230,266],"on":[117,129,214],"applying":[118],"various":[119,247],"automated":[123],"repair.":[125],"experimental":[127],"results":[128],"two":[130],"datasets":[132],"show":[133],"that":[134,190],"all":[135],"studied":[136],"consistently":[139],"outperform":[140],"state-ofthe-":[142],"art":[143],"technique":[144],"VRepair":[145],"with":[146,231],"prediction":[148,207],"accuracy":[149,208],"32.94":[151],"<inline-formula":[152],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[153],"xmlns:xlink=\"http://www.w3.org/1999/xlink\"><tex-math":[154],"notation=\"LaTeX\">$\\sim$</tex-math></inline-formula>":[155],"44.96%.":[156],"We":[157],"also":[158],"investigate":[159],"impact":[161],"three":[163],"major":[164],"phases":[165],"(i.e.,":[166],"data":[167],"pre-processing,":[168],"model":[169],"training":[170],"inference)":[173],"workflow.":[178],"Inspired":[179],"by":[180,212],"findings,":[182],"construct":[184],"simplistic":[186,201],"approach":[189,202],"adopts":[191],"transfer":[193],"learning":[194],"bug":[196],"fixing.":[197],"Surprisingly,":[198],"can":[203],"further":[204,245],"improve":[205],"9.40%":[213],"average.":[215],"Besides,":[216],"provide":[218],"additional":[219],"discussion":[220],"different":[222],"aspects":[223],"(e.g.,":[224,250],"code":[225],"representation":[226],"preliminary":[229],"ChatGPT)":[232],"illustrate":[234],"capacity":[236],"limitation":[238],"model-based":[241,258],"techniques.":[242],"Finally,":[243],"pinpoint":[246],"practical":[248],"guidelines":[249],"improvement":[252],"fine-tuning)":[254],"advanced":[256],"near":[263],"future.":[264],"Our":[265],"highlights":[267],"promising":[269],"future":[270],"adopting":[272],"patch":[276],"real-world":[277],"reduce":[281],"manual":[283],"debugging":[284],"effort":[285],"experts":[288],"practice.":[290]},"counts_by_year":[{"year":2026,"cited_by_count":5},{"year":2025,"cited_by_count":26},{"year":2024,"cited_by_count":10},{"year":2023,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}