Multitask-based Evaluation of Open-Source LLM on Software Vulnerability

Since the advancements in Natural Language Processing, Large Language Models (LLMs) [1] have seen widespread adoption due to their capacity to be effectively trained with billions of parameters and training samples, resulting in significant performance enhancements. LLMs can readily be applied to downstream tasks through either fine-tuning [2] or prompting [3]. Their versatility stems from being trained to possess a broad understanding, enabling them to capture diverse knowledge across various domains. Fine-tuning involves updating the model parameters specifically for a given downstream task through iterative training on a specific dataset. In contrast, prompting allows for direct utilization by providing natural language descriptions or a few examples of the downstream task. Compared to prompting, fine-tuning is resource-intensive as it necessitates additional model training and is applicable in limited scenarios, particularly when adequate training datasets are unavailable.

LLMs are usually built on the transformer architecture [23] and can be classified into three types of architectures: encoder-only, encoder-decoder, and decoder-only. Encoder-only (e.g., CodeBERT [24], GraphCodeBERT [25], and UniXcoder [26]) and Encoder-Decoder (e.g., PLBART [27], CodeT5 [7], and CodeT5+ [8]) models are trained using Masked Language Modeling (MLM) or Masked Span Prediction (MSP) objective, respectively, where a small portion (e.g., 15%) of the tokens are replaced with either masked tokens or masked span tokens, LLMs are trained to recover the masked tokens. These models are trained as general ones on the code-related data and then are fine-tuned for the downstream tasks to achieve superior performance. Decoder-only models also attract a small portion of people’s attention and they are trained by using Causal Language Modeling objectives to predict the probability of the next token given all previous tokens. GPT [2] and its variants are the most representative models, which bring the large language models into practical usage.

Recently, the ChatGPT model attracts the widest attention from the world, which is the successor of the large language model InstructGPT [28] with a dialog interface that is fine-tuned using the Reinforcement Learning with Human Feedback (RLHF) approach [29, 28, 30]. RLHF initially fine-tunes the base model using a small dataset of prompts as input and the desired output, typically human-written, to refine its performance. Subsequently, a reward model is trained on a larger set of prompts by sampling outputs generated by the fine-tuned model. These outputs are then reordered by human labelers to provide feedback for training the reward model. Reinforcement learning [31] is then used to calculate rewards for each output generated based on the reward model, updating LLM parameters accordingly. With fine-tuning and alignment with human preferences, LLMs better understand input prompts and instructions, enhancing performance across various tasks [32, 28].

Software Vulnerabilities (SVs) can expose software systems to risk situations and consequently make the software under cyber-attacks, eventually causing huge economic losses and even threatening people’s lives. Therefore, vulnerability databases have been created to document and analyze publicly known security vulnerabilities. For example, Common Vulnerabilities and Exposures (CVE) [33, 34] and SecurityFocus [35] are two well-known vulnerability databases. Besides, Common Weakness Enumeration (CWE) defines the common software weaknesses of individual vulnerabilities, which are often referred to as vulnerability types of CVEs. To better address these vulnerabilities, researchers have proposed many approaches for understanding the effects of software vulnerabilities, including SV detection [36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46], SV assessment [47, 48, 20, 49, 50], SV localization [51, 52, 53], SV repair [54, 55, 56, 57] as well as SV description [58, 59, 60, 61]. Many novel technologies are adopted to promote the progress of software vulnerability management, including software analysis [62, 63], machine learning [36, 43], and deep learning [47, 52], especially large language models [59, 60].

We adopt the widely used dataset (named Big-Vul) provided by Fan et al. [21] by considering the following reasons. The most important one is to satisfy the distinct characteristics of the real world as well as the diversity in the dataset, which is suggested by previous works [43, 45]. Big-Vul, to the best of our knowledge, is the most large-scale vulnerability dataset with diverse information about the vulnerabilities, which are collected from practical projects and these vulnerabilities are recorded in the Common Vulnerabilities and Exposures (CVE)¹¹1https://cve.mitre.org/. The second one is to compare fairly with existing state-of-the-art (SOTA) approaches (e.g., LineVul, Devign, and SVulD).

Big-Vul totally contains 3,754 code vulnerabilities collected from 348 open-source projects spanning 91 different vulnerability types from 2002 to 2019. It has 188,636 C/C++ functions with a vulnerable ratio of 5.7% (i.e., 10,900 vulnerability functions). The authors linked the code changes with CVEs and their descriptive information to enable a deeper analysis of the vulnerabilities.

In our work, some baselines need to obtain the structure information (e.g., control flow graph (CFG), data flow graph (DFG)) of the studied functions. Therefore, we adopt the same toolkit with Joern [64] to transform functions. The functions are dropped out directly if they cannot be transformed by Joern successfully. We also remove the duplicated functions and the statistics of the studied dataset are shown in Table II. Finally, the filtered dataset is used for evaluation. We follow the same strategy to build the training data, validating data, and testing data from the original dataset with previous work does [37, 54, 46]. Specifically, 80% of functions are treated as training data, 10% of functions are treated as validation data, and the left 10% of functions are treated as testing data. We also keep the distribution as same as the original ones in training, validating, and testing data.

The general LLMs are pre-trained on textual data, including natural language and code, and can be used for a variety of tasks. In contrast, code-related LLMs are specifically pre-trained to automate code-related tasks. Due to the empirical nature of this work, we are interested in assessing the effectiveness of both LLM categories in vulnerability tasks. For the code-related LLMs, we select the top four models released recently (in 2023), namely DeepSeek-Coder [9], CodeLlama [11], StarCoder [10], and WizardCoder [65]. For the general LLMs, we select the top two models, resulting in the selection of Mistral [66], and Phi-2 [67]. For the few-shot setting, we select the models with no more than 34B parameters from the Hugging Face Open LLM Leaderboard [68], as for the fine-tuning setting, we select the models with 7B parameters or less. The constraint on the number of parameters is imposed by our computing resources (i.e., 192GB RAM, 10 × NVIDIA RTX 3090 GPU). Table III summarizes the characteristics of the studied LLMs, we briefly introduce these LLMs to make our paper self-contained.

DeepSeek-Coder developed by DeepSeek AI [9] is composed of a series of code language models, each trained from scratch on 2T tokens, with a composition of 87% code and 13% natural language in both English and Chinese. They provide various sizes of the code model, ranging from 1B to 33B versions. Each model is pre-trained on project-level code corpus by employing a window size of 16K and an extra fill-in-the-blank task, to support project-level code completion and infilling. For coding capabilities, DeepSeek-Coder achieves state-of-the-art performance among open-source code models on multiple programming languages and various benchmarks.

CodeLlama proposed by Rozière et al. [11] is a set of large pre-trained language models for code built on Llama 2. They achieve state-of-the-art performance among open models on code tasks, provide infilling capabilities, support large input contexts, and demonstrate zero-shot instruction following for programming problems. CodeLlama is created by further training Llama 2 using increased sampling of code data. As with Llama 2, the authors applied extensive safety mitigations to the fine-tuned CodeLlama versions.

StarCoder proposed by Li et al. [10] is a large pre-trained language model specifically designed for code. It was pre-trained on a large amount of code data to acquire programming knowledge and trained on permissive data from GitHub, including over 80 programming languages, Git commits, GitHub issues, and Jupyter notebooks. StarCoder can perform code editing tasks, understand natural language prompts, and generate code that conforms to APIs. StarCoder represents the advancement of applying large language models in programming.

WizardCoder proposed by Luo et al. [65] is a large pre-trained language model that empowers Code LLMs with complex instruction fine-tuning, by adapting the Evol-Instruct method to the domain of code. Through comprehensive experiments on four prominent code generation benchmarks, namely HumanEval, HumanEval+, MBPP, and DS-1000, the authors unveil the exceptional capabilities of their model. It surpasses all other open-source Code LLMs by a substantial margin. Moreover, WizardCoder even outperforms the largest closed LLMs, Anthropic’s Claude and Google’s Bard, on HumanEval and HumanEval+.

Phi-2 proposed by Microsoft [67] packed with 2.7 billion parameters. It’s designed to make machines think more like humans and do it safely. Phi-2 isn’t just about numbers; it’s about a smarter, safer way for computers to understand and interact with the world. Phi-2 stands out because it’s been taught with a mix of new language data and careful checks to make sure it acts right. It’s built to do many things like writing, summarizing texts, and coding, but with better common sense and understanding than its earlier version, Phi-1.5. Phi-2’s evaluation demonstrates its proficiency over larger models in aggregated benchmarks, emphasizing the potential of smaller models to achieve comparable or superior performance to their larger counterparts. This is particularly evident in its comparison with Google Gemini Nano 2, where Phi-2 outshines despite its smaller size.

We follow the prompt similar to those used in the artifacts, papers, or technical reports associated with each corresponding model [5, 10, 11]. For fine-tuning setting and few-shot setting, we use the same prompt, where each prompt contains three pieces of information: (1) task description, (2) source code, and (3) indicator. Using the software vulnerability detection task as an example, the prompt utilized for LLM consists of three crucial components, as depicted in Fig. 3:

• •

  Task Description (marked as ①). LLM is provided with the description constructed as ‘‘If this C code snippet has vulnerabilities, output Yes; otherwise, output No’’. The task descriptions used in the SV detection task vary based on the source programming language we employ.

• •

  Source Code (marked as ②). We provide LLM with the code wrapped in ‘‘// Code Start’’ and ‘‘// Code End’’ Since we illustrate an example in C, we use the C comment format of ‘‘//’’ as a prefix for the description. We also employ different comment prefixes based on the programming language of the code.

• •

  Indicator (marked as ③). LLM is instructed to think about the results. In this paper, we follow the best practice in previous work [12] and adopt the same prompt named ‘‘// Detection’’.

Depending on the specific software vulnerability tasks, the task descriptions and indicators in the prompts may vary. The task descriptions and indicators for different software vulnerability tasks are presented in Table IV.

To comprehensively compare the vulnerability detection performance of LLMs with existing state-of-the-art (SOTA) approaches, in this study, we consider the five approaches: Devign [36], ReVeal [45], IVDetect [52], LineVul [37], and SVulD [46]. We briefly introduce them as follows.

Devign proposed by Zhou et al. [36] is a general graph neural network-based model for graph-level classification through learning on a rich set of code semantic representations including AST, CFG, DFG, and code sequences. It uses a novel $Conv$ module to efficiently extract useful features in the learned rich node representations for graph-level classification.

ReVeal proposed by Chakraborty et al. [45] contains two main phases. In the feature extraction phase, it translates code into a graph embedding, and in the training phase, it trains a representation learner on the extracted features to obtain a model that can distinguish the vulnerable functions from non-vulnerable ones.

IVDetect proposed by Li et al. [52] contains the coarse-grained vulnerability detection component and fine-grained interpretation component. In particular, IVDetect represents source code in the form of a program dependence graph (PDG) and treats the vulnerability detection problem as graph-based classification via graph convolution network with feature attention. As for interpretation, IVDetect adopts a GNNExplainer to provide fine-grained interpretations that include the sub-graph in PDG with crucial statements that are relevant to the detected vulnerability.

LineVul proposed by Fu et al. [37] is a Transformer-based line-level vulnerability prediction approach. LineVul leverages BERT architecture with self-attention layers which can capture long-term dependencies within a long sequence. Besides, benefiting from the large-scale pre-trained model, LineVul can intrinsically capture more lexical and logical semantics for the given code input. Moreover, LineVul adopts the attention mechanism of BERT architecture to locate the vulnerable lines for finer-grained detection.

SVulD proposed by Ni et al. [46] is a function-level subtle semantic embedding for vulnerability detection along with heuristic explanations. Particularly, SVulD adopts contrastive learning to train the UniXcoder semantic embedding model for learning distinguishing semantic representation of functions regardless of their lexically similar information.

For considered software vulnerability-related tasks, we will perform evaluations using the widely adopted performance metrics. More precisely, to evaluate the effectiveness of LLMs on vulnerability detection and vulnerability assessment, we consider the following four metrics: F1-score, Recall, Precision, and Accuracy.

For the software vulnerability location task, we adopt the Hit@Acc, Precision, and Recall metrics (refer to Section 4.3 for more details). For the software vulnerability description task, we use Rouge-1, Rouge-2, and Rouge-L metrics.

We develop the generation pipeline in Python, utilizing PyTorch [69] implementations of DeepSeek Coder, CodeLlama, StarCoder, WizardCoder, Mistral, and Phi-2. We use the Huggingface [70] to load the model weights and generate outputs. We also adhere to the best-practice guide [71] for each prompt. For the fine-tuning setting, we select the models with 7B parameters or less, and for the few-shot setting, we use models with fewer than 34B parameters. To directly compare the fine-tuning setting with the few-shot setting, we employ models with the same parameter in both settings (i.e., DeepSeek Coder 6.7B, CodeLlama 7B, StarCoder 7B, WizardCoder 7B, Mistral 7B, and Phi-2 2.7B). The constraint on the number of parameters is imposed by our computing resources. Table III summarizes the characteristics of the studied LLMs. Furthermore, considering the limitation of LLM’s conversation windows, we manually select three examples for the few-shot setting from the training set. Regarding ReVeal, IVDetect, Devign, LineVul, and SVulD, we utilize their publicly available source code and perform fine-tuning with the default parameters provided in their original code. Considering Devign’s code is not publicly available, we make every effort to replicate its functionality and achieve similar results on the original paper’s dataset. All these models are implemented using the PyTorch [69] framework. The evaluation is conducted on a 16-core workstation equipped with an Intel(R) Xeon(R) Gold 6226R CPU @ 2.90Ghz, 192GB RAM, and 10 × NVIDIA RTX 3090 GPU, running Ubuntu 20.04.1 LTS.

In this RQ, we first investigate the vulnerability detection of LLMs and make a comparison with the existing state-of-the-art (SOTA) approaches. Then, we conduct a more detailed analysis of the results, comparing the detection performance of LLMs under the Top-10 CWE types.

We consider the five SOTA baselines: Devign [36], ReVeal [45], IVDetect [52], LineVul [37], and SVulD [46]. These approaches can be divided into two groups: graph-based (i.e., Devign, ReVeal and IVDetect) and transformer-based (i.e., LineVul and SVulD). Besides, in order to comprehensively compare the performance among baselines and LLMs, we consider four widely used performance measures (i.e., Precision, Recall, F1-score, and Accuracy) and conduct experiments on the popular dataset. Since graph-based approaches need to obtain the structure information (e.g., control flow graph (CFG), data flow graph (DFG)) of the studied functions, we adopt the same toolkit with Joern to transform functions. The functions are dropped out directly if they cannot be transformed by Joern successfully. Finally, the filtered dataset (shown in Table II) is used for evaluation. We follow the same strategy to build the training data, validating data, and testing data from the original dataset with previous work does [37, 54]. Specifically, 80% of functions are treated as training data, 10% of functions are treated as validation data, and the left 10% of functions are treated as testing data. We also keep the distribution as same as the original ones in training, validating, and testing data. Apart from presenting the overall performance comparison, we also give the detailed performance of LLMs on the Top-10 CWE types for a better analysis.

(1) Fine-tuned LLMs have poor performance compared with transformer-based approaches when considering F1-score, Precision, and Accuracy. In particular, SVulD obtains 0.336, 0.282, and 0.915 in terms of F1-score, Precision, and Accuracy, which surpass the fine-tuned LLMs by 23.5%-242.9%, 70.9%-432.1%, and 16.9%-162.2% in terms of F1-score, Precision, and Accuracy, respectively. LineVul also outperforms all LLMs in precision and accuracy, with F1-score equal to the best LLM.

(2) The performance of fine-tuned LLMs is comparable to graph-based approaches. As for recall, LLMs under the fine-tuning setting generally outperform previous SOTA approaches, except for StarCoder (0.646), which falls slightly behind the top-performing approach, Devign (0.660). As for F1-score, LLMs achieve a range of 0.214-0.272, whereas graph-based approaches achieve a range of 0.200-0.232. As for Precision, LLMs score between 0.123 and 0.159, while graph-based methods range from 0.118 to 0.172. Additionally, in terms of Accuracy, LLMs range from 0.685 to 0.771, whereas graph-based methods range from 0.726 to 0.815.

(3) LLMs under few-shot setting have poor performance compared with existing approaches. LLMs ranging from 2.7B to 34B parameters perform less favorably than existing approaches in terms of F1-score and Precision. However, as for Accuracy, SVulD (transformer-based) obtains the best performance (0.915) and DeepSeek-Coder 6.7B ranks third (0.823), which is better than the three graph-based approaches.

[B] Fine-Tuning vs. Few-Shot. The experimental results are presented in Table  V. Based on these experimental findings, we can draw the following observations: (1) LLMs fine-tuned for vulnerability detection demonstrate superior performance on the task compared to LLMs (except Mistral) in the few-shot setting. The F1-score and Precision have doubled, while the Recall has also shown improvement. (2) Mistral experiences a significant drop in performance after fine-tuning, except for Recall. This could be due to the absence of high-quality security vulnerability-related data in its pre-training. (3) LLMs with more parameters typically exhibit better performance. For example, CodeLlama 34B improves upon CodeLlama 7B by 19.4%, 34.5%, and 37.0% in terms of F1-score, Precision, and Accuracy, respectively. However, different LLMs may exhibit performance variations due to differences in model design and the quality of pre-training data. (4) Phi-2 achieves performance approximating that of other LLMs with 7 billion parameters, even with a parameter size of 2.7 billion. This may be attributed to the higher quality of its pre-training data.

[C] The comparisons of Top-10 CWE types between LLMs. Table VI shows the detailed comparisons of Top-10 CWE types between fine-tuned LLMs. In this table, we highlight the best performance for each performance metric in bold. According to the results, we can achieve the following observations:

(1) In most cases, WizardCoder obtains better performance than LLMs by considering all performance metrics. Mistral performs the worst on many CWE types, even weaker than other LLMs by several times, which means Mistral has almost no ability to detect vulnerabilities. Other LLMs have certain advantages in different CWE types, complementing each other.

(2) Considering the performance of all metrics, WizardCoder achieves the best performances on CWE-119 (“Improper Restriction of Operations within the Bounds of a Memory Buffer”), CWE-125 (“Out-of-bounds Read”), CWE-362 (“Concurrent Execution using Shared Resource with Improper Synchronization (’Race Condition’)”), and CWE-476 (“NULL Pointer Dereference”), which indicates WizardCoder is exceptionally skilled at detecting and mitigating vulnerabilities related to memory handling and synchronization issues.

In this RQ, we delineate two task descriptions for vulnerability assessment: (1) code-based and (2) code-based with additional key information. We compare the performance of LLMs in both task descriptions for vulnerability assessment and concurrently conduct a case study to illustrate the effectiveness of incorporating key important information.

Case Study. To illustrate the effectiveness of key important information, we present an instance of a vulnerability (CWE-119) in Big-Vul that is exclusively assess by CodeLlama, as depicted in Table VIII. This example is a vulnerability in the Linux project, categorized under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability). In an initial assessment without critical information, CodeLlama did not fully grasp the severity of this vulnerability and labeled it as “Medium”. However, with the provision of crucial details, CodeLlama can more accurately evaluate the risk level of this vulnerability. The CVE description for this vulnerability highlights multiple buffer overflows in the net/wireless/nl80211.c file of the Linux kernel prior to version 2.6.39.2. These vulnerabilities allow local users to gain elevated privileges by leveraging the CAP NET ADMIN capability during scan operations with an excessively long SSID value. In this scenario, the lack of proper validation of the SSID length leads to buffer overflows, enabling attackers to exploit the vulnerability, escalate privileges, and execute malicious code. The commit message described that this bug has existed since version 2.6.29-rc4 of the Linux kernel. Given this information, CodeLlama reassesses the risk level of this vulnerability as “High”. This is because it allows attackers to escalate privileges and execute malicious code, and it has persisted for a considerable period of time. It is crucial to address and patch this vulnerability promptly by updating the operating system or kernel to ensure security.

To compare the vulnerability assessment capabilities of LLMs after providing key information, we have created a performance comparison bar chart, as shown in Fig.4. LLMs have limited capacity for assessing vulnerability severity based solely on source code. However, when provided with key important information, most LLMs (i.e., DeepSeek-Coder, CodeLlama, WizardCoder, and Mistral) exhibit significantly improved vulnerability assessment capabilities, particularly in terms of the Accuracy metric. The Accuracy has increased from the range of 0.2-0.37 to the range of 0.21-0.43. StarCoder and Phi-2 are showing a declining trend, and we believe this may be attributed to the addition of key information, resulting in an increase in the number of input tokens. These LLMs may not excel in handling excessively long text sequences. In contrast, DeepSeek-Coder exhibits a significant improvement, possibly due to its proficiency in handling long sequential text.

In this RQ, we first outline how to assess the vulnerability location capabilities of LLMs. Then, we proceed to compare the vulnerability location abilities of LLMs across different settings, both at a general level and in detail, and analyze the reasons behind the observed differences.

As for a specific vulnerable function, it may contain one or several vulnerable lines of code ($Lines_{ground}$), and LLM may also predict one or several potential ones ($Lines_{predict}$). We compare $Lines_{predict}$ to $Lines_{ground}$ to check whether the line index $L_{i}\in Lines_{predict}$ belongs to $Lines_{ground}$ and we treat it predict correctly for the line $L_{i}$ if it belongs to, otherwise it predicts incorrectly. We also use the $Lines_{both}$ to represent the intersection of $Lines_{predict}$ to $Lines_{ground}$.

To better evaluate the vulnerability location performance of LLM on a specific vulnerable function, we give the following definitions:

• •

  Hit@Acc means the effectiveness of LLM and equals 1 if LLM correctly predicts at least one line of vulnerable line, other it equals 0.

• •

  Precision indicates how many of the LLM’s predicted vulnerability locations are actual vulnerability locations. It is defined as $\mathit{Precision=\frac{\#Lines_{both}}{\#Lines_{predict}}}$.

• •

  Recall indicates how many actual vulnerability locations LLM can be correctly found. It is defined as: $\mathit{Recall=\frac{\#Lines_{both}}{\#Lines_{ground}}}$.

For example, for a given vulnerable function, it totally has six vulnerable lines “[2, 3, 5, 9, 14,23]”, and LLM gives out its prediction with 10 potential lines “[1, 3, 5, 11, 15, 16, 17, 21, 22, 23]”. Then, we know that $Lines_{ground}$ equals “[2, 3, 5, 9, 14, 23]”, $Lines_{predict}$ equals “[1, 3, 5, 11, 15, 16, 17, 21, 22, 23]” and $Lines_{both}$ equals “[3, 5, 23]”. According to these values, we obtain that $Precision=\frac{3}{10}$, $Recall=\frac{3}{6}$, and $Hit@Acc=1$.

(1) The few-shot setting reveals limitations in LLMs, and after fine-tuning, LLMs become more cautious. From the perspective of the Recall and Hit@Acc metrics, it appears that the vulnerability location capability of the LLMs after fine-tuning has actually weakened. For example, as shown in Table IX, the Recall range has changed from 0.063-0.341 to 0.122-0.186, and the Hit@Acc range has changed from 0.155-0.472 to 0.255-0.320. From Table X, it can be observed that across different CWE types, the best performance in terms of Recall and Hit@Acc metrics often occurs in the few-shot setting. This contradicts our previous experience, as it seems that LLMs perform worse after learning. To address this issue, we conducted a detailed analysis of the output results of the LLMs under fine-tuning and few-shot settings. We found that LLMs have limitations, and in the few-shot setting, they tend to output more vulnerable lines, even if these lines do not contain vulnerabilities. Let’s take StarCoder as an example. Fig. 5 depicts a vulnerability code snippet from the Big-Vul dataset, with the vulnerability behavior occurring in lines 3 and 4. However, in the few-shot setting, StarCoder tends to output more vulnerability lines, such as “[1, 2, 3, 4, 5, 6, 7, 8, 9]”, whereas after fine-tuning, StarCoder becomes more cautious and only outputs “[4]”. We observed a similar pattern in other LLMs, and we believe this is the reason for the higher Recall and Hit@Acc values in the few-shot setting. Therefore, it appears that the excellent performance of LLMs in few-shot setting is attributed to their inclination to output more potential vulnerability lines in those scenarios, even when such lines do not contain actual vulnerabilities.

(2) Mistral is a promising LLM for vulnerability location task. Overall, after fine-tuning, LLMs show improved Precision, indicating their ability to learn and perform better on vulnerability location tasks. Surprisingly, Mistral, being a text LLM, exhibits improvements across all metrics after fine-tuning, especially with Precision reaching the best (i.e., 0.133), surpassing all other LLMs. This suggests that Mistral possesses significant potential to learn how to effectively locate vulnerabilities. If Mistral could be trained using pre-training tasks similar to those used for code LLMs, it might become an exceptionally powerful model for software vulnerability location.

In this RQ, we employ the ROUGH metric to evaluate the LLMs’ vulnerability description capabilities. We conduct a detailed statistical analysis of LLMs’ abilities and also perform a case study to provide a comprehensive assessment of their performance in describing vulnerabilities.

To evaluate the precision of the generated CVE description, we adopt the widely used performance metric ROUGE [72], which is a set of metrics and is used for evaluating automatic summarization and machine translation software in natural language processing. The metrics compare an automatically produced summary or translation against a reference or a set of references (human-produced) summary or translation. Here, we totally consider three settings: 1, 2, and L.

Case Study. To demonstrate the effectiveness of LLMs in generating vulnerability descriptions, we present an example of a vulnerability (CWE-119) described by CodeLlama, as shown in Table XII. This example represents a vulnerability within the Linux project, categorized as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability). It is noteworthy that even when provided with only the code of the vulnerability, CodeLlama produces text highly similar to the CVE description (highlighted in orange), indicating that pre-trained LLMs on extensive text and code are capable of comprehending the essence and crucial features of vulnerabilities and expressing this information in natural language.