{"id":"https://openalex.org/W7155362332","doi":"https://doi.org/10.48550/arxiv.2604.20211","title":"Towards Secure Logging: Characterizing and Benchmarking Logging Code Security Issues with LLMs","display_name":"Towards Secure Logging: Characterizing and Benchmarking Logging Code Security Issues with LLMs","publication_year":2026,"publication_date":"2026-04-22","ids":{"openalex":"https://openalex.org/W7155362332","doi":"https://doi.org/10.48550/arxiv.2604.20211"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.20211","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.20211","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.20211","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5134423406","display_name":"He Yang Yuan","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yuan, He Yang","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134448719","display_name":"Xin Eric Wang","orcid":"https://orcid.org/0009-0009-6914-5666"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Xin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035956071","display_name":"Kundi Yao","orcid":"https://orcid.org/0000-0002-3756-4673"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yao, Kundi","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026999307","display_name":"An Ran Chen","orcid":"https://orcid.org/0000-0003-3137-7540"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chen, An Ran","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134434463","display_name":"Zishuo Ding","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ding, Zishuo","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5134402332","display_name":"Zhenhao Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Zhenhao","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9718000292778015,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9718000292778015,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.005400000140070915,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.002300000051036477,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.6481000185012817},{"id":"https://openalex.org/keywords/logging","display_name":"Logging","score":0.6039999723434448},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.5986999869346619},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.46720001101493835},{"id":"https://openalex.org/keywords/benchmarking","display_name":"Benchmarking","score":0.44359999895095825},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.42010000348091125},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4156000018119812},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.3765999972820282},{"id":"https://openalex.org/keywords/application-security","display_name":"Application security","score":0.37380000948905945}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.699400007724762},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6852999925613403},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.6481000185012817},{"id":"https://openalex.org/C125620115","wikidata":"https://www.wikidata.org/wiki/Q845249","display_name":"Logging","level":2,"score":0.6039999723434448},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.5986999869346619},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.46720001101493835},{"id":"https://openalex.org/C86251818","wikidata":"https://www.wikidata.org/wiki/Q816754","display_name":"Benchmarking","level":2,"score":0.44359999895095825},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.42010000348091125},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4156000018119812},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.3765999972820282},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.37380000948905945},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.3666999936103821},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.3449999988079071},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.337799996137619},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.32350000739097595},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3116999864578247},{"id":"https://openalex.org/C2777989319","wikidata":"https://www.wikidata.org/wiki/Q597393","display_name":"Illegal logging","level":3,"score":0.28700000047683716},{"id":"https://openalex.org/C10511746","wikidata":"https://www.wikidata.org/wiki/Q899388","display_name":"Data security","level":3,"score":0.27469998598098755},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.2736000120639801},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.2703999876976013},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.2662000060081482},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.265500009059906},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.25920000672340393},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2581999897956848},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.25290000438690186},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.25}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.20211","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.20211","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.20211","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.20211","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7260932326316833,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Logging":[0],"code":[1,60,83,173],"plays":[2],"an":[3,118],"important":[4],"role":[5],"in":[6,52,66,130,144,169],"software":[7],"systems":[8],"by":[9],"recording":[10],"key":[11],"events":[12],"and":[13,20,44,71,91,113,132,207,211],"behaviors,":[14],"which":[15],"are":[16,148],"essential":[17],"for":[18,69,205,216],"debugging":[19],"monitoring.":[21],"However,":[22],"insecure":[23],"logging":[24,53,59,82,104,134],"practices":[25],"can":[26],"inadvertently":[27],"expose":[28],"sensitive":[29],"information":[30],"or":[31,194],"enable":[32],"attacks":[33],"such":[34],"as":[35],"log":[36],"injection,":[37],"posing":[38],"serious":[39],"threats":[40],"to":[41,126,161],"system":[42],"security":[43,61,84,105,135,153,191],"privacy.":[45],"Prior":[46],"research":[47],"has":[48],"examined":[49],"general":[50],"defects":[51],"code,":[54],"but":[55],"systematic":[56],"analysis":[57],"of":[58,81,197,213],"issues":[62,154],"remains":[63],"limited,":[64],"particularly":[65],"leveraging":[67],"LLMs":[68,147,215],"detection":[70,186],"repair.":[72],"In":[73],"this":[74],"paper,":[75],"we":[76],"derive":[77],"a":[78,98,141,195],"comprehensive":[79],"taxonomy":[80],"issues,":[85],"encompassing":[86],"four":[87],"common":[88],"issue":[89,106,180],"categories":[90],"10":[92],"corresponding":[93],"patterns.":[94],"We":[95,115,175],"further":[96],"construct":[97],"benchmark":[99],"dataset":[100],"with":[101],"101":[102],"real-world":[103],"reports":[107],"that":[108,121,178],"have":[109],"been":[110],"manually":[111],"reviewed":[112],"annotated.":[114],"then":[116],"propose":[117],"automated":[119],"framework":[120],"incorporates":[122],"various":[123],"contextual":[124],"knowledge":[125],"evaluate":[127],"LLMs'":[128,185],"capabilities":[129],"detecting":[131,152],"repairing":[133],"issues.":[136],"Our":[137],"experimental":[138],"results":[139],"reveal":[140],"notable":[142],"disparity":[143],"performance:":[145],"while":[146],"moderately":[149],"effective":[150],"at":[151],"(e.g.,":[155],"the":[156,179,184,190,209],"accuracy":[157,187],"ranges":[158],"from":[159],"12.9%":[160],"52.5%":[162],"on":[163],"average),":[164],"they":[165],"face":[166],"noticeable":[167],"challenges":[168],"reliably":[170],"generating":[171],"correct":[172],"repairs.":[174],"also":[176],"find":[177],"description":[181],"alone":[182],"improves":[183],"more":[188],"than":[189],"pattern":[192],"explanation":[193],"combination":[196],"both.":[198],"Overall,":[199],"our":[200],"findings":[201],"provide":[202],"actionable":[203],"insights":[204],"practitioners":[206],"highlight":[208],"potential":[210],"limitations":[212],"current":[214],"secure":[217],"logging.":[218]},"counts_by_year":[],"updated_date":"2026-07-01T06:00:48.157686","created_date":"2026-04-24T00:00:00"}
