{"id":"https://openalex.org/W7128732664","doi":"https://doi.org/10.48550/arxiv.2602.10418","title":"SecCodePRM: A Process Reward Model for Code Security","display_name":"SecCodePRM: A Process Reward Model for Code Security","publication_year":2026,"publication_date":"2026-02-11","ids":{"openalex":"https://openalex.org/W7128732664","doi":"https://doi.org/10.48550/arxiv.2602.10418"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2602.10418","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5125704526","display_name":"Weichen Yu","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Yu, Weichen","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125772835","display_name":"Ravi Mangal","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mangal, Ravi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053386173","display_name":"Yinyi Luo","orcid":"https://orcid.org/0000-0001-8465-8325"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Luo, Yinyi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087022211","display_name":"Kai Hu","orcid":"https://orcid.org/0000-0003-2216-6784"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hu, Kai","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100783350","display_name":"Jingxuan He","orcid":"https://orcid.org/0000-0003-1036-2876"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"He, Jingxuan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Pasareanu, Corina S.","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pasareanu, Corina S.","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":null,"display_name":"Fredrikson, Matt","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Fredrikson, Matt","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5125704526"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.71670001745224,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.71670001745224,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.10480000078678131,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.0430000014603138,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5874999761581421},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5443999767303467},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5084999799728394},{"id":"https://openalex.org/keywords/ranking","display_name":"Ranking (information retrieval)","score":0.4975999891757965},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.4625000059604645},{"id":"https://openalex.org/keywords/coding","display_name":"Coding (social sciences)","score":0.4528000056743622},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.4316999912261963},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4205000102519989},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.37610000371932983}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8098999857902527},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5874999761581421},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5443999767303467},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5084999799728394},{"id":"https://openalex.org/C189430467","wikidata":"https://www.wikidata.org/wiki/Q7293293","display_name":"Ranking (information retrieval)","level":2,"score":0.4975999891757965},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.4625000059604645},{"id":"https://openalex.org/C179518139","wikidata":"https://www.wikidata.org/wiki/Q5140297","display_name":"Coding (social sciences)","level":2,"score":0.4528000056743622},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.4316999912261963},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4205000102519989},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.37610000371932983},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.36579999327659607},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.34880000352859497},{"id":"https://openalex.org/C133162039","wikidata":"https://www.wikidata.org/wiki/Q1061077","display_name":"Code generation","level":3,"score":0.3441999852657318},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.3424000144004822},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.32589998841285706},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.3111000061035156},{"id":"https://openalex.org/C125411270","wikidata":"https://www.wikidata.org/wiki/Q18653","display_name":"Encoding (memory)","level":2,"score":0.3061000108718872},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.30489999055862427},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.28850001096725464},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2793000042438507},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2784999907016754},{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.27649998664855957},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2727000117301941},{"id":"https://openalex.org/C150292731","wikidata":"https://www.wikidata.org/wiki/Q1342704","display_name":"Code review","level":5,"score":0.27239999175071716},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.26919999718666077},{"id":"https://openalex.org/C2779639559","wikidata":"https://www.wikidata.org/wiki/Q7661178","display_name":"Symbolic execution","level":3,"score":0.2678999900817871},{"id":"https://openalex.org/C2776836416","wikidata":"https://www.wikidata.org/wiki/Q1364844","display_name":"False alarm","level":2,"score":0.26170000433921814},{"id":"https://openalex.org/C2164484","wikidata":"https://www.wikidata.org/wiki/Q5170150","display_name":"Core (optical fiber)","level":2,"score":0.25060001015663147}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2602.10418","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2602.10418","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.10418","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2602.10418","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.5567671656608582}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Large":[0],"Language":[1],"Models":[2],"are":[3],"rapidly":[4],"becoming":[5],"core":[6],"components":[7],"of":[8],"modern":[9],"software":[10],"development":[11],"workflows,":[12],"yet":[13],"ensuring":[14],"code":[15,51,84,127,177],"security":[16,80,182],"remains":[17],"challenging.":[18],"Existing":[19],"vulnerability":[20,120],"detection":[21,121],"pipelines":[22],"either":[23],"rely":[24],"on":[25],"static":[26,96],"analyzers":[27,97],"or":[28],"use":[29],"LLM/GNN-based":[30],"detectors":[31],"trained":[32],"with":[33,112],"coarse":[34],"program-level":[35],"supervision.":[36],"Both":[37],"families":[38],"often":[39],"require":[40],"complete":[41],"context,":[42],"provide":[43],"sparse":[44],"end-of-completion":[45],"feedback,":[46],"and":[47,64,98,125,150],"can":[48],"degrade":[49],"as":[50],"length":[52],"grows,":[53],"making":[54],"them":[55],"ill-suited":[56],"for":[57,140],"real-time,":[58],"prefix-level":[59],"assessment":[60],"during":[61],"interactive":[62],"coding":[63],"streaming":[65],"generation.":[66,165],"We":[67],"propose":[68],"SecCodePRM,":[69],"a":[70,77,83,184],"security-oriented":[71],"process":[72],"reward":[73],"model":[74,103],"that":[75,136,161],"assigns":[76],"context-aware,":[78],"step-level":[79,92],"score":[81],"along":[82],"trajectory.":[85],"To":[86],"train":[87],"the":[88,102],"model,":[89],"we":[90],"derive":[91],"supervision":[93],"labels":[94],"from":[95],"expert":[99],"annotations,":[100],"allowing":[101],"to":[104,108,163],"attend":[105],"more":[106],"precisely":[107],"fine-grained":[109],"regions":[110],"associated":[111],"inter-procedural":[113],"vulnerabilities.":[114],"SecCodePRM":[115,132,142,167],"has":[116],"three":[117,173],"applications:":[118],"full-code":[119],"(VD),":[122],"partial-code":[123],"VD,":[124,131],"secure":[126],"generation":[128],"(CG).":[129],"For":[130],"uses":[133],"risk-sensitive":[134],"aggregation":[135],"emphasizes":[137],"high-risk":[138],"steps;":[139],"CG,":[141],"supports":[143],"inference-time":[144],"scaling":[145],"by":[146],"ranking":[147],"candidate":[148],"continuations":[149],"favoring":[151],"higher":[152],"cumulative":[153],"reward.":[154],"This":[155],"design":[156],"yields":[157],"dense,":[158],"real-time":[159],"feedback":[160],"scales":[162],"long-horizon":[164],"Empirically,":[166],"outperforms":[168],"prior":[169],"approaches":[170],"in":[171],"all":[172],"settings,":[174],"while":[175],"preserving":[176],"functional":[178],"correctness,":[179],"suggesting":[180],"improved":[181],"without":[183],"safety-utility":[185],"tradeoff.":[186]},"counts_by_year":[],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2026-02-13T00:00:00"}