{"id":"https://openalex.org/W4416549459","doi":"https://doi.org/10.1145/3719027.3760716","title":"Poster: Insecure Coding Habits Die Hard. Can PEFT Really Turn LLMs into Secure Coders?","display_name":"Poster: Insecure Coding Habits Die Hard. Can PEFT Really Turn LLMs into Secure Coders?","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416549459","doi":"https://doi.org/10.1145/3719027.3760716"},"language":null,"primary_location":{"id":"doi:10.1145/3719027.3760716","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3760716","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3760716","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3760716","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5110271482","display_name":"Seung Wan Chae","orcid":"https://orcid.org/0009-0008-3997-8969"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Sangjun Chae","raw_affiliation_strings":["Sungkyunkwan University, Suwon, Republic of Korea"],"raw_orcid":"https://orcid.org/0009-0008-3997-8969","affiliations":[{"raw_affiliation_string":"Sungkyunkwan University, Suwon, Republic of Korea","institution_ids":["https://openalex.org/I848706"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103957648","display_name":"Jin-Seok Choi","orcid":"https://orcid.org/0009-0003-0561-3615"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Jangseop Choi","raw_affiliation_strings":["Sungkyunkwan University, Suwon, Republic of Korea"],"raw_orcid":"https://orcid.org/0009-0003-0561-3615","affiliations":[{"raw_affiliation_string":"Sungkyunkwan University, Suwon, Republic of Korea","institution_ids":["https://openalex.org/I848706"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024932579","display_name":"T.-A. Kim","orcid":"https://orcid.org/0009-0002-7909-8225"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Taeyang Kim","raw_affiliation_strings":["Sungkyunkwan University, Seoul, Republic of Korea"],"raw_orcid":"https://orcid.org/0009-0002-7909-8225","affiliations":[{"raw_affiliation_string":"Sungkyunkwan University, Seoul, Republic of Korea","institution_ids":["https://openalex.org/I848706"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102298963","display_name":"Eun Jung","orcid":"https://orcid.org/0009-0003-4296-4422"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Eun Jung","raw_affiliation_strings":["Sungkyunkwan University, Suwon, Republic of Korea"],"raw_orcid":"https://orcid.org/0009-0003-4296-4422","affiliations":[{"raw_affiliation_string":"Sungkyunkwan University, Suwon, Republic of Korea","institution_ids":["https://openalex.org/I848706"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067902158","display_name":"Sanghak Oh","orcid":"https://orcid.org/0000-0002-5047-5683"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Sanghak Oh","raw_affiliation_strings":["Sungkyunkwan University, Suwon, Republic of Korea"],"raw_orcid":"https://orcid.org/0000-0002-5047-5683","affiliations":[{"raw_affiliation_string":"Sungkyunkwan University, Suwon, Republic of Korea","institution_ids":["https://openalex.org/I848706"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5016563574","display_name":"Hyoungshick Kim","orcid":"https://orcid.org/0000-0002-1605-3866"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Hyoungshick Kim","raw_affiliation_strings":["Sungkyunkwan University, Suwon, Republic of Korea"],"raw_orcid":"https://orcid.org/0000-0002-1605-3866","affiliations":[{"raw_affiliation_string":"Sungkyunkwan University, Suwon, Republic of Korea","institution_ids":["https://openalex.org/I848706"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.376281,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"4758","last_page":"4760"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T14400","display_name":"Medical Coding and Health Information","score":0.09889999777078629,"subfield":{"id":"https://openalex.org/subfields/3605","display_name":"Health Information Management"},"field":{"id":"https://openalex.org/fields/36","display_name":"Health Professions"},"domain":{"id":"https://openalex.org/domains/4","display_name":"Health Sciences"}},"topics":[{"id":"https://openalex.org/T14400","display_name":"Medical Coding and Health Information","score":0.09889999777078629,"subfield":{"id":"https://openalex.org/subfields/3605","display_name":"Health Information Management"},"field":{"id":"https://openalex.org/fields/36","display_name":"Health Professions"},"domain":{"id":"https://openalex.org/domains/4","display_name":"Health Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.027499999850988388,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.026000000536441803,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/coding","display_name":"Coding (social sciences)","score":0.3901999890804291},{"id":"https://openalex.org/keywords/disadvantage","display_name":"Disadvantage","score":0.25600001215934753}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.41269999742507935},{"id":"https://openalex.org/C179518139","wikidata":"https://www.wikidata.org/wiki/Q5140297","display_name":"Coding (social sciences)","level":2,"score":0.3901999890804291},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.35690000653266907},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.35089999437332153},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.3328000009059906},{"id":"https://openalex.org/C39549134","wikidata":"https://www.wikidata.org/wiki/Q133080","display_name":"Public relations","level":1,"score":0.32910001277923584},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.31779998540878296},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.30160000920295715},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.2596000134944916},{"id":"https://openalex.org/C2777673361","wikidata":"https://www.wikidata.org/wiki/Q5281228","display_name":"Disadvantage","level":2,"score":0.25600001215934753}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3719027.3760716","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3760716","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3760716","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3719027.3760716","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3760716","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3760716","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G440996017","display_name":null,"funder_award_id":"RS-2024-00459638","funder_id":"https://openalex.org/F4320335489","funder_display_name":"Institute for Information and Communications Technology Promotion"},{"id":"https://openalex.org/G4700831490","display_name":null,"funder_award_id":"2022-","funder_id":"https://openalex.org/F4320335489","funder_display_name":"Institute for Information and Communications Technology Promotion"},{"id":"https://openalex.org/G6964528210","display_name":null,"funder_award_id":"RS-2024-00437849","funder_id":"https://openalex.org/F4320335489","funder_display_name":"Institute for Information and Communications Technology Promotion"}],"funders":[{"id":"https://openalex.org/F4320335489","display_name":"Institute for Information and Communications Technology Promotion","ror":"https://ror.org/01g0hqq23"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4416549459.pdf","grobid_xml":"https://content.openalex.org/works/W4416549459.grobid-xml"},"referenced_works_count":2,"referenced_works":["https://openalex.org/W4384026520","https://openalex.org/W4402263641"],"related_works":[],"abstract_inverted_index":{"Large":[0],"language":[1],"models":[2,76],"(LLMs)":[3],"have":[4],"advanced":[5],"automated":[6],"code":[7,12,38,59,94,116],"generation":[8,39],"but":[9],"often":[10],"produce":[11],"with":[13],"critical":[14],"security":[15,117],"flaws,":[16],"including":[17],"buffer":[18],"overflows,":[19],"memory":[20],"leaks,":[21],"and":[22,70,78,102],"unsafe":[23],"file":[24],"handling.While":[25],"prior":[26],"work":[27],"emphasizes":[28],"post-hoc":[29],"vulnerability":[30,54],"detection,":[31],"we":[32],"introduce":[33],"a":[34,45],"framework":[35],"for":[36,100,107],"secure-by-construction":[37],"via":[40],"parameter-efficient":[41],"fine-tuning":[42],"(PEFT).We":[43],"construct":[44],"secure":[46,93],"training":[47],"dataset":[48],"by":[49],"automatically":[50],"fixing":[51],"7":[52],"high-impact":[53],"types":[55],"in":[56],"37,540":[57],"C":[58],"samples":[60],"from":[61,96,103],"CodeNet,":[62],"achieving":[63],"95.36%":[64],"CWE":[65],"reduction.We":[66],"then":[67],"apply":[68],"prompt":[69],"prefix":[71],"tuning":[72],"to":[73,98,105],"four":[74],"open-source":[75],"(CodeGen-16B/6B-multi":[77],"StarCoder2-7B/3B),":[79],"updating":[80],"fewer":[81],"than":[82],"1%":[83],"of":[84],"the":[85,87],"parameters.On":[86],"LLMSe-cEval":[88],"benchmark,":[89],"our":[90],"approach":[91],"increases":[92],"generations":[95],"20":[97],"36":[99],"StarCoder2-3B":[101],"10":[104],"27":[106],"CodeGen-6B.These":[108],"results":[109],"demonstrate":[110],"that":[111],"PEFT":[112],"can":[113],"substantially":[114],"improve":[115],"without":[118],"full":[119],"model":[120],"retraining.":[121]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-11-23T00:00:00"}