{"id":"https://openalex.org/W4415746230","doi":"https://doi.org/10.1109/icsme64153.2025.00041","title":"Retrieve, Refine, or Both? Using Task-Specific Guidelines for Secure Python Code Generation","display_name":"Retrieve, Refine, or Both? Using Task-Specific Guidelines for Secure Python Code Generation","publication_year":2025,"publication_date":"2025-09-07","ids":{"openalex":"https://openalex.org/W4415746230","doi":"https://doi.org/10.1109/icsme64153.2025.00041"},"language":null,"primary_location":{"id":"doi:10.1109/icsme64153.2025.00041","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icsme64153.2025.00041","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Software Maintenance and Evolution (ICSME)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5089389565","display_name":"Catherine Tony","orcid":"https://orcid.org/0000-0002-9916-4456"},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]},{"id":"https://openalex.org/I884043246","display_name":"Hamburg University of Technology","ror":"https://ror.org/04bs1pb34","country_code":"DE","type":"education","lineage":["https://openalex.org/I884043246"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Catherine Tony","raw_affiliation_strings":["Hamburg University of Technology,Hamburg,Germany"],"affiliations":[{"raw_affiliation_string":"Hamburg University of Technology,Hamburg,Germany","institution_ids":["https://openalex.org/I159176309","https://openalex.org/I884043246"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037237385","display_name":"Emanuele Iannone","orcid":"https://orcid.org/0000-0001-7489-9969"},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]},{"id":"https://openalex.org/I884043246","display_name":"Hamburg University of Technology","ror":"https://ror.org/04bs1pb34","country_code":"DE","type":"education","lineage":["https://openalex.org/I884043246"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Emanuele Iannone","raw_affiliation_strings":["Hamburg University of Technology,Hamburg,Germany"],"affiliations":[{"raw_affiliation_string":"Hamburg University of Technology,Hamburg,Germany","institution_ids":["https://openalex.org/I159176309","https://openalex.org/I884043246"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012313708","display_name":"Riccardo Scandariato","orcid":"https://orcid.org/0000-0003-3591-7671"},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]},{"id":"https://openalex.org/I884043246","display_name":"Hamburg University of Technology","ror":"https://ror.org/04bs1pb34","country_code":"DE","type":"education","lineage":["https://openalex.org/I884043246"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Riccardo Scandariato","raw_affiliation_strings":["Hamburg University of Technology,Hamburg,Germany"],"affiliations":[{"raw_affiliation_string":"Hamburg University of Technology,Hamburg,Germany","institution_ids":["https://openalex.org/I159176309","https://openalex.org/I884043246"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5089389565"],"corresponding_institution_ids":["https://openalex.org/I159176309","https://openalex.org/I884043246"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.47024435,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"368","last_page":"379"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.5515000224113464,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.5515000224113464,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.1712999939918518,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.03229999914765358,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/code-generation","display_name":"Code generation","score":0.5817999839782715},{"id":"https://openalex.org/keywords/python","display_name":"Python (programming language)","score":0.5730000138282776},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.519599974155426},{"id":"https://openalex.org/keywords/redundant-code","display_name":"Redundant code","score":0.45239999890327454},{"id":"https://openalex.org/keywords/coding","display_name":"Coding (social sciences)","score":0.4357999861240387},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.4311000108718872},{"id":"https://openalex.org/keywords/code-review","display_name":"Code review","score":0.32499998807907104}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8374999761581421},{"id":"https://openalex.org/C133162039","wikidata":"https://www.wikidata.org/wiki/Q1061077","display_name":"Code generation","level":3,"score":0.5817999839782715},{"id":"https://openalex.org/C519991488","wikidata":"https://www.wikidata.org/wiki/Q28865","display_name":"Python (programming language)","level":2,"score":0.5730000138282776},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.5411999821662903},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.519599974155426},{"id":"https://openalex.org/C151578736","wikidata":"https://www.wikidata.org/wiki/Q1251793","display_name":"Redundant code","level":4,"score":0.45239999890327454},{"id":"https://openalex.org/C179518139","wikidata":"https://www.wikidata.org/wiki/Q5140297","display_name":"Coding (social sciences)","level":2,"score":0.4357999861240387},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.4311000108718872},{"id":"https://openalex.org/C150292731","wikidata":"https://www.wikidata.org/wiki/Q1342704","display_name":"Code review","level":5,"score":0.32499998807907104},{"id":"https://openalex.org/C47434764","wikidata":"https://www.wikidata.org/wiki/Q1770035","display_name":"Dead code","level":5,"score":0.31690001487731934},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.31470000743865967},{"id":"https://openalex.org/C121957198","wikidata":"https://www.wikidata.org/wiki/Q14365593","display_name":"KPI-driven code analysis","level":5,"score":0.31049999594688416},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.29319998621940613},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.2890999913215637},{"id":"https://openalex.org/C50951305","wikidata":"https://www.wikidata.org/wiki/Q2482534","display_name":"Unreachable code","level":5,"score":0.2865999937057495},{"id":"https://openalex.org/C2988963302","wikidata":"https://www.wikidata.org/wiki/Q629206","display_name":"Program code","level":2,"score":0.2680000066757202},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.26739999651908875},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.26019999384880066},{"id":"https://openalex.org/C113775141","wikidata":"https://www.wikidata.org/wiki/Q428691","display_name":"Computer engineering","level":1,"score":0.25060001015663147}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icsme64153.2025.00041","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icsme64153.2025.00041","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Software Maintenance and Evolution (ICSME)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W2109305774","https://openalex.org/W2750168540","https://openalex.org/W2945795702","https://openalex.org/W2963926786","https://openalex.org/W2993331254","https://openalex.org/W3017863658","https://openalex.org/W3178592347","https://openalex.org/W4220983258","https://openalex.org/W4288057765","https://openalex.org/W4308627645","https://openalex.org/W4312476652","https://openalex.org/W4320560161","https://openalex.org/W4328028645","https://openalex.org/W4384026520","https://openalex.org/W4384026634","https://openalex.org/W4388483179","https://openalex.org/W4388858772","https://openalex.org/W4388867344","https://openalex.org/W4389520670","https://openalex.org/W4401042404","https://openalex.org/W4401543590","https://openalex.org/W4401544296","https://openalex.org/W4402457779","https://openalex.org/W4402671023","https://openalex.org/W4403646794","https://openalex.org/W4403747722","https://openalex.org/W4404782576","https://openalex.org/W4408214684","https://openalex.org/W4411113095","https://openalex.org/W4411950636"],"related_works":[],"abstract_inverted_index":{"Large":[0],"Language":[1],"Models":[2],"(LLMs)":[3],"are":[4,29],"increasingly":[5],"used":[6],"for":[7],"code":[8,14,38,48,69,153,174,198],"generation,":[9],"but":[10],"they":[11,28],"often":[12],"produce":[13],"with":[15,142,155],"security":[16,49,84],"vulnerabilities.":[17],"While":[18],"techniques":[19,45],"like":[20],"fine-tuning":[21],"and":[22,32,57,93,112,161],"instruction":[23],"tuning":[24],"can":[25],"improve":[26],"security,":[27,154],"computationally":[30],"expensive":[31],"require":[33],"large":[34],"amounts":[35],"of":[36,102,152,172,191],"secure":[37,105],"data.":[39],"Recent":[40],"studies":[41],"have":[42],"explored":[43],"prompting":[44],"to":[46,82,95,125],"enhance":[47],"without":[50],"additional":[51],"training.":[52],"Among":[53],"these,":[54],"Recursive":[55],"Criticism":[56],"Improvement":[58],"(RCI)":[59],"has":[60],"demonstrated":[61],"strong":[62],"improvements":[63],"by":[64,70,89],"iteratively":[65],"refining":[66],"the":[67,79,100,128,133,170,189],"generated":[68],"leveraging":[71],"LLMs'":[72],"self-critiquing":[73],"capabilities.":[74],"However,":[75],"RCI":[76],"relies":[77],"on":[78],"model's":[80],"ability":[81],"identify":[83],"flaws,":[85],"which":[86],"is":[87],"constrained":[88],"its":[90],"training":[91],"data":[92],"susceptibility":[94],"hallucinations.":[96],"This":[97],"paper":[98],"investigates":[99],"impact":[101],"incorporating":[103],"taskspecific":[104],"coding":[106],"guidelines":[107,130,194],"extracted":[108],"from":[109],"MITRE's":[110],"CWE":[111],"CodeQL":[113],"recommendations":[114],"into":[115],"LLM":[116,134],"prompts.":[117],"For":[118],"this,":[119],"we":[120],"employ":[121],"Retrieval-Augmented":[122],"Generation":[123],"(RAG)":[124],"dynamically":[126],"retrieve":[127],"relevant":[129,193],"that":[131,145],"help":[132],"avoid":[135],"generating":[136],"insecure":[137,173],"code.":[138],"We":[139],"compare":[140],"RAG":[141,156],"RCI,":[143],"observing":[144],"both":[146,166],"deliver":[147],"comparable":[148],"performance":[149],"in":[150,195],"terms":[151],"consuming":[157],"considerably":[158],"less":[159],"time":[160],"fewer":[162],"tokens.":[163],"Additionally,":[164],"combining":[165],"approaches":[167],"further":[168],"reduces":[169],"amount":[171],"generated,":[175],"requiring":[176],"only":[177],"slightly":[178],"more":[179],"resources":[180],"than":[181],"<tex":[182],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[183],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$R":[184],"C":[185],"I$</tex>":[186],"alone,":[187],"highlighting":[188],"benefit":[190],"adding":[192],"improving":[196],"LLM-generated":[197],"security.":[199]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-10-31T00:00:00"}