{"id":"https://openalex.org/W4411052482","doi":"https://doi.org/10.1145/3716815.3729010","title":"Exploring Prompt Patterns for Effective Vulnerability Repair in Real-World Code by Large Language Models","display_name":"Exploring Prompt Patterns for Effective Vulnerability Repair in Real-World Code by Large Language Models","publication_year":2025,"publication_date":"2025-06-04","ids":{"openalex":"https://openalex.org/W4411052482","doi":"https://doi.org/10.1145/3716815.3729010"},"language":"en","primary_location":{"id":"doi:10.1145/3716815.3729010","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3716815.3729010","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 10th ACM International Workshop on Security and Privacy Analytics","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3716815.3729010","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Yining Luo","orcid":"https://orcid.org/0009-0004-6958-3563"},"institutions":[{"id":"https://openalex.org/I203172682","display_name":"Northern Arizona University","ror":"https://ror.org/0272j5188","country_code":"US","type":"education","lineage":["https://openalex.org/I203172682"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yining Luo","raw_affiliation_strings":["Northern Arizona University, Flagstaff, AZ, USA"],"raw_orcid":"https://orcid.org/0009-0004-6958-3563","affiliations":[{"raw_affiliation_string":"Northern Arizona University, Flagstaff, AZ, USA","institution_ids":["https://openalex.org/I203172682"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011172042","display_name":"Baobao Li","orcid":"https://orcid.org/0000-0001-8256-4632"},"institutions":[{"id":"https://openalex.org/I203172682","display_name":"Northern Arizona University","ror":"https://ror.org/0272j5188","country_code":"US","type":"education","lineage":["https://openalex.org/I203172682"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Baobao Li","raw_affiliation_strings":["Northern Arizona University, Flagstaff, AZ, USA"],"raw_orcid":"https://orcid.org/0009-0000-8557-2814","affiliations":[{"raw_affiliation_string":"Northern Arizona University, Flagstaff, AZ, USA","institution_ids":["https://openalex.org/I203172682"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088206056","display_name":"Anoop Singhal","orcid":"https://orcid.org/0000-0002-2602-3927"},"institutions":[{"id":"https://openalex.org/I1321296531","display_name":"National Institute of Standards and Technology","ror":"https://ror.org/05xpvk416","country_code":"US","type":"funder","lineage":["https://openalex.org/I1321296531","https://openalex.org/I1343035065"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Anoop Singhal","raw_affiliation_strings":["National Institute of Standards and Technology, Gaithersburg, USA"],"raw_orcid":"https://orcid.org/0000-0002-2602-3927","affiliations":[{"raw_affiliation_string":"National Institute of Standards and Technology, Gaithersburg, USA","institution_ids":["https://openalex.org/I1321296531"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064007725","display_name":"Pei-Yu Tseng","orcid":"https://orcid.org/0000-0001-9675-674X"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Peiyu Tseng","raw_affiliation_strings":["Penn State University, University Park, USA"],"raw_orcid":"https://orcid.org/0000-0001-9675-674X","affiliations":[{"raw_affiliation_string":"Penn State University, University Park, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100322329","display_name":"Lan Zhang","orcid":"https://orcid.org/0000-0003-3964-8034"},"institutions":[{"id":"https://openalex.org/I203172682","display_name":"Northern Arizona University","ror":"https://ror.org/0272j5188","country_code":"US","type":"education","lineage":["https://openalex.org/I203172682"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lan Zhang","raw_affiliation_strings":["Northern Arizona University, Flagstaff, China"],"raw_orcid":"https://orcid.org/0000-0003-3964-8034","affiliations":[{"raw_affiliation_string":"Northern Arizona University, Flagstaff, China","institution_ids":["https://openalex.org/I203172682"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058926362","display_name":"Qingtian Zou","orcid":"https://orcid.org/0000-0002-1412-4800"},"institutions":[{"id":"https://openalex.org/I867280407","display_name":"The University of Texas Southwestern Medical Center","ror":"https://ror.org/05byvp690","country_code":"US","type":"healthcare","lineage":["https://openalex.org/I867280407"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Qingtian Zou","raw_affiliation_strings":["University of Texas Southwestern Medical Center, Dallas, TX, USA"],"raw_orcid":"https://orcid.org/0000-0002-1412-4800","affiliations":[{"raw_affiliation_string":"University of Texas Southwestern Medical Center, Dallas, TX, USA","institution_ids":["https://openalex.org/I867280407"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100656311","display_name":"Xiaoyan Sun","orcid":"https://orcid.org/0000-0002-0321-2338"},"institutions":[{"id":"https://openalex.org/I107077323","display_name":"Worcester Polytechnic Institute","ror":"https://ror.org/05ejpqr48","country_code":"US","type":"education","lineage":["https://openalex.org/I107077323"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaoyan Sun","raw_affiliation_strings":["Worcester Polytechnic Institute, Worcester, MA, USA"],"raw_orcid":"https://orcid.org/0000-0002-0321-2338","affiliations":[{"raw_affiliation_string":"Worcester Polytechnic Institute, Worcester, MA, USA","institution_ids":["https://openalex.org/I107077323"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100346908","display_name":"Peng Liu","orcid":"https://orcid.org/0000-0003-4175-504X"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Peng Liu","raw_affiliation_strings":["Penn State University, University Park, USA"],"raw_orcid":"https://orcid.org/0000-0003-4175-504X","affiliations":[{"raw_affiliation_string":"Penn State University, University Park, USA","institution_ids":["https://openalex.org/I130769515"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":4.2561,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.94285859,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"23","last_page":"33"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7212466597557068},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5965249538421631},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5608726143836975},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.4510681629180908},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.32965803146362305}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7212466597557068},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5965249538421631},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5608726143836975},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.4510681629180908},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.32965803146362305},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3716815.3729010","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3716815.3729010","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 10th ACM International Workshop on Security and Privacy Analytics","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3716815.3729010","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3716815.3729010","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 10th ACM International Workshop on Security and Privacy Analytics","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W2140073981","https://openalex.org/W2620986014","https://openalex.org/W4388482952","https://openalex.org/W4393029443","https://openalex.org/W4393108609","https://openalex.org/W4393406994","https://openalex.org/W4399203816","https://openalex.org/W4399516134","https://openalex.org/W4404234188","https://openalex.org/W4408175000"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Large":[0],"Language":[1],"Models":[2],"(LLMs)":[3],"have":[4,158],"shown":[5],"promise":[6],"in":[7,15,28,59,96,161],"automating":[8],"code":[9,18,49,67,127],"vulnerability":[10,173],"repair,":[11],"but":[12],"their":[13,38],"effectiveness":[14],"handling":[16,162],"real-world":[17,66,131],"remains":[19],"limited.":[20],"This":[21],"paper":[22],"investigates":[23],"the":[24],"capability":[25],"of":[26,47,103],"LLMs,":[27],"repairing":[29],"vulnerabilities":[30,58,164],"and":[31,74,112,125],"proposes":[32],"a":[33,92],"systematic":[34],"approach":[35,136],"to":[36],"enhance":[37],"performance":[39],"through":[40],"specialized":[41],"prompt":[42,115],"engineering.":[43],"Through":[44,101],"extensive":[45],"evaluation":[46],"5,826":[48],"samples,":[50],"we":[51,81,106],"found":[52],"that":[53,68,134,155],"while":[54,156],"LLMs":[55,157],"successfully":[56],"repair":[57,104,140,174],"simple":[60],"cases,":[61],"they":[62,166],"struggle":[63],"with":[64],"complex":[65,163],"involves":[69],"intricate":[70],"dependencies,":[71],"contextual":[72,122],"requirements,":[73],"multi-file":[75],"interactions.":[76],"To":[77],"address":[78],"these":[79],"limitations,":[80],"first":[82],"incorporated":[83],"Control":[84],"Flow":[85],"Graphs":[86],"(CFGs)":[87],"as":[88,120],"supplementary":[89],"prompts,":[90],"achieving":[91,142],"14.4%":[93],"success":[94,145],"rate":[95],"fixing":[97],"previously":[98],"unresolvable":[99],"vulnerabilities.":[100],"analysis":[102],"failures,":[105],"identified":[107,149],"three":[108],"primary":[109],"challenge":[110,150],"categories":[111],"developed":[113],"corresponding":[114],"patterns":[116],"incorporating":[117],"techniques":[118],"such":[119],"granular":[121],"information":[123],"provision":[124],"progressive":[126],"simplification.":[128],"Evaluation":[129],"on":[130],"projects":[132],"demonstrated":[133],"our":[135],"significantly":[137],"improved":[138],"LLMs'":[139],"capabilities,":[141],"over":[143],"85%":[144],"rates":[146],"across":[147],"all":[148],"categories.":[151],"Our":[152],"findings":[153],"suggest":[154],"inherent":[159],"limitations":[160],"independently,":[165],"can":[167],"become":[168],"effective":[169],"tools":[170],"for":[171],"automated":[172],"when":[175],"guided":[176],"by":[177],"carefully":[178],"crafted":[179],"prompts.":[180]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}