{"id":"https://openalex.org/W7128071965","doi":"https://doi.org/10.48550/arxiv.2602.05868","title":"Persistent Human Feedback, LLMs, and Static Analyzers for Secure Code Generation and Vulnerability Detection","display_name":"Persistent Human Feedback, LLMs, and Static Analyzers for Secure Code Generation and Vulnerability Detection","publication_year":2026,"publication_date":"2026-02-05","ids":{"openalex":"https://openalex.org/W7128071965","doi":"https://doi.org/10.48550/arxiv.2602.05868"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2602.05868","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5031213161","display_name":"Ehsan Firouzi","orcid":"https://orcid.org/0009-0000-7563-4196"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Firouzi, Ehsan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5125177459","display_name":"Mohammad Ghafari","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ghafari, Mohammad","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.4528999924659729,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.4528999924659729,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.34850001335144043,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.03959999978542328,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7350000143051147},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.7021999955177307},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.6693999767303467},{"id":"https://openalex.org/keywords/reliability","display_name":"Reliability (semiconductor)","score":0.5669000148773193},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5669000148773193},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.5551000237464905},{"id":"https://openalex.org/keywords/code-reuse","display_name":"Code reuse","score":0.5166000127792358},{"id":"https://openalex.org/keywords/static-program-analysis","display_name":"Static program analysis","score":0.37860000133514404}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7350000143051147},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.7021999955177307},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6836000084877014},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.6693999767303467},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6259999871253967},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.5669000148773193},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5669000148773193},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.5551000237464905},{"id":"https://openalex.org/C2778583558","wikidata":"https://www.wikidata.org/wiki/Q771245","display_name":"Code reuse","level":3,"score":0.5166000127792358},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.37860000133514404},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.36390000581741333},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3573000133037567},{"id":"https://openalex.org/C4679612","wikidata":"https://www.wikidata.org/wiki/Q866298","display_name":"Aggregate (composite)","level":2,"score":0.3547999858856201},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.3330000042915344},{"id":"https://openalex.org/C133162039","wikidata":"https://www.wikidata.org/wiki/Q1061077","display_name":"Code generation","level":3,"score":0.29989999532699585},{"id":"https://openalex.org/C200601418","wikidata":"https://www.wikidata.org/wiki/Q2193887","display_name":"Reliability engineering","level":1,"score":0.2766000032424927},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.27309998869895935},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.26350000500679016},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.2621000111103058},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.2603999972343445},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2574000060558319}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2602.05868","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2602.05868","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.05868","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2602.05868","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[{"score":0.6822665929794312,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Existing":[0],"literature":[1],"heavily":[2],"relies":[3],"on":[4,112],"static":[5,36,95],"analysis":[6,71,96],"tools":[7,97],"to":[8,133],"evaluate":[9],"LLMs":[10,132],"for":[11,108,137],"secure":[12,138],"code":[13,22,102,139],"generation":[14,129,140],"and":[15,28,40,54,58,79,104,141],"vulnerability":[16,142],"detection.":[17,143],"We":[18],"reviewed":[19],"1,080":[20],"LLM-generated":[21],"samples,":[23],"built":[24],"a":[25,117,126],"human-validated":[26],"ground-truth,":[27],"compared":[29],"the":[30,48,64,86,92,106],"outputs":[31],"of":[32,47,77,81,94,101],"two":[33],"widely":[34],"used":[35],"security":[37,103],"tools,":[38],"CodeQL":[39,55],"Semgrep,":[41],"against":[42],"this":[43,113],"corpus.":[44],"While":[45],"61%":[46,80],"samples":[49],"were":[50],"genuinely":[51],"secure,":[52,61],"Semgrep":[53],"classified":[56],"60%":[57],"80%":[59],"as":[60,98],"respectively.":[62],"Despite":[63],"apparent":[65],"agreement":[66],"in":[67,125],"aggregate":[68],"statistics,":[69],"per-sample":[70],"reveals":[72],"substantial":[73],"discrepancies:":[74],"only":[75],"65%":[76],"Semgrep's":[78],"CodeQL's":[82],"reports":[83],"correctly":[84],"matched":[85],"ground":[87],"truth.":[88],"These":[89],"results":[90],"question":[91],"reliability":[93],"sole":[99],"evaluators":[100],"underscore":[105],"need":[107],"expert":[109],"feedback.":[110],"Building":[111],"insight,":[114],"we":[115],"propose":[116],"conceptual":[118],"framework":[119],"that":[120],"persistently":[121],"stores":[122],"human":[123],"feedback":[124,136],"dynamic":[127],"retrieval-augmented":[128],"pipeline,":[130],"enabling":[131],"reuse":[134],"past":[135]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-02-07T00:00:00"}