{"id":"https://openalex.org/W7127146572","doi":"https://doi.org/10.48550/arxiv.2601.22706","title":"RealSec-bench: A Benchmark for Evaluating Secure Code Generation in Real-World Repositories","display_name":"RealSec-bench: A Benchmark for Evaluating Secure Code Generation in Real-World Repositories","publication_year":2026,"publication_date":"2026-01-30","ids":{"openalex":"https://openalex.org/W7127146572","doi":"https://doi.org/10.48550/arxiv.2601.22706"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2601.22706","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5124760635","display_name":"Yanlin Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Wang, Yanlin","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102004044","display_name":"Ziyao Zhang","orcid":"https://orcid.org/0000-0002-0617-1340"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Ziyao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124781543","display_name":"Chong (Alex) Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Chong","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124852579","display_name":"Xinyi Xu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xu, Xinyi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124824431","display_name":"Mingwei Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Mingwei","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124836054","display_name":"Yong Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Yong","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100443179","display_name":"Ting Chen","orcid":"https://orcid.org/0000-0001-9380-4953"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chen, Jiachi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5124771774","display_name":"Zibin Zheng","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zheng, Zibin","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5124760635"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.45339998602867126,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.45339998602867126,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.17010000348091125,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.10499999672174454,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/correctness","display_name":"Correctness","score":0.870199978351593},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.6935999989509583},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.52920001745224},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.44929999113082886},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4440000057220459},{"id":"https://openalex.org/keywords/code-generation","display_name":"Code generation","score":0.429500013589859},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.40299999713897705},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.3901999890804291},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.3619999885559082}],"concepts":[{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.870199978351593},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8277000188827515},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.6935999989509583},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.52920001745224},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.44929999113082886},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4440000057220459},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.4334000051021576},{"id":"https://openalex.org/C133162039","wikidata":"https://www.wikidata.org/wiki/Q1061077","display_name":"Code generation","level":3,"score":0.429500013589859},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.40299999713897705},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.3901999890804291},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.3619999885559082},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.3560999929904938},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34860000014305115},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.3296000063419342},{"id":"https://openalex.org/C98183937","wikidata":"https://www.wikidata.org/wiki/Q2112188","display_name":"Program analysis","level":2,"score":0.3257000148296356},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.32339999079704285},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3125999867916107},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.29190000891685486},{"id":"https://openalex.org/C42383842","wikidata":"https://www.wikidata.org/wiki/Q193076","display_name":"Functional programming","level":2,"score":0.290800005197525},{"id":"https://openalex.org/C88468194","wikidata":"https://www.wikidata.org/wiki/Q1172416","display_name":"Data-flow analysis","level":3,"score":0.2791000008583069},{"id":"https://openalex.org/C489000","wikidata":"https://www.wikidata.org/wiki/Q747385","display_name":"Data flow diagram","level":2,"score":0.2775999903678894},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.26750001311302185},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.2669000029563904},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.26660001277923584},{"id":"https://openalex.org/C10511746","wikidata":"https://www.wikidata.org/wiki/Q899388","display_name":"Data security","level":3,"score":0.2628999948501587},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2597000002861023},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.25040000677108765}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2601.22706","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2601.22706","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2601.22706","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2601.22706","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[{"score":0.7076515555381775,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Large":[0],"Language":[1],"Models":[2],"(LLMs)":[3],"have":[4],"demonstrated":[5],"remarkable":[6],"capabilities":[7],"in":[8,14,37,50,103,207],"code":[9,17,65,205],"generation,":[10],"but":[11],"their":[12],"proficiency":[13],"producing":[15],"secure":[16,64,204],"remains":[18],"a":[19,60,77,116,145],"critical,":[20],"under-explored":[21],"area.":[22],"Existing":[23],"benchmarks":[24],"often":[25,184],"fall":[26],"short":[27],"by":[28],"relying":[29],"on":[30,139],"synthetic":[31],"vulnerabilities":[32,124],"or":[33],"evaluating":[34],"functional":[35,153,168,190,202],"correctness":[36,154,191],"isolation,":[38],"failing":[39],"to":[40,127,150,174,186],"capture":[41],"the":[42,199],"complex":[43],"interplay":[44],"between":[45,201],"functionality":[46],"and":[47,91,114,155,203],"security":[48,156,182],"found":[49],"real-world":[51],"software.":[52],"To":[53],"address":[54],"this":[55],"gap,":[56],"we":[57,133],"introduce":[58,144],"RealSec-bench,":[59,132],"new":[61],"benchmark":[62,98],"for":[63],"generation":[66,206],"meticulously":[67],"constructed":[68],"from":[69],"real-world,":[70],"high-risk":[71],"Java":[72],"repositories.":[73],"Our":[74,196],"methodology":[75],"employs":[76],"multi-stage":[78],"pipeline":[79],"that":[80,160],"combines":[81],"systematic":[82],"SAST":[83],"scanning":[84],"with":[85,125,180],"CodeQL,":[86],"LLM-based":[87],"false":[88],"positive":[89],"elimination,":[90],"rigorous":[92],"human":[93],"expert":[94],"validation.":[95],"The":[96],"resulting":[97],"contains":[99],"105":[100],"instances":[101],"grounded":[102],"real-word":[104],"repository":[105],"contexts,":[106],"spanning":[107],"19":[108],"Common":[109],"Weakness":[110],"Enumeration":[111],"(CWE)":[112],"types":[113],"exhibiting":[115],"wide":[117],"diversity":[118],"of":[119],"data":[120],"flow":[121],"complexities,":[122],"including":[123],"up":[126],"34-hop":[128],"inter-procedural":[129],"dependencies.":[130],"Using":[131],"conduct":[134],"an":[135],"extensive":[136],"empirical":[137],"study":[138],"5":[140],"popular":[141],"LLMs.":[142,209],"We":[143,158],"novel":[146],"composite":[147],"metric,":[148],"SecurePass@K,":[149],"assess":[151],"both":[152],"simultaneously.":[157],"find":[159],"while":[161],"Retrieval-Augmented":[162],"Generation":[163],"(RAG)":[164],"techniques":[165],"can":[166],"improve":[167],"correctness,":[169],"they":[170],"provide":[171],"negligible":[172],"benefits":[173],"security.":[175],"Furthermore,":[176],"explicitly":[177],"prompting":[178],"models":[179],"general":[181],"guidelines":[183],"leads":[185],"compilation":[187],"failures,":[188],"harming":[189],"without":[192],"reliably":[193],"preventing":[194],"vulnerabilities.":[195],"work":[197],"highlights":[198],"gap":[200],"current":[208]},"counts_by_year":[],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2026-02-03T00:00:00"}