Vulnerability Detection Model using LLM and Code Chunk - arxiv.org/pdf/2506.19453 Software supply chain vulnerabilities arise when attackers exploit weaknesses by injecting vulnerable code into widely used packages or libraries within software repositories. While most existing approaches focus on identifying vulnerable packages or libraries, they often overlook the specific functions responsible for these vulnerabilities. Pinpointing vulnerable functions within packages or libraries is critical, as it can significantly reduce the risks associated with using open-source software. Identifying vulnerable patches is challenging because developers often submit code changes that are unrelated to vulnerability fixes. To address this issue, this paper introduces FuncVul, an innovative code chunk-based model for function-level vulnerability detection in C/C and Python, designed to identify multiple vulnerabilities within a function by focusing on smaller, critical code segments. To assess the model’s effectiveness, we construct six code and generic code chunk based datasets using two approaches: (1) integrating patch information with large language models to label vulnerable samples and (2) leveraging large language models alone to detect vulnerabilities in function-level code. To design FuncVul vulnerability model, we utilise GraphCodeBERT fine tune model that captures both the syntactic and semantic aspects of code. Experimental results show that FuncVul outperforms existing state-of-the-art models, achieving an average accuracy of 87-92% and an F1 score of 86-92% across all datasets. Furthermore, we have demonstrated that our codechunk-based FuncVul model improves 53.9% accuracy and 42.0% F1-score than the full function-based vulnerability prediction. #FuncVul #LLMSecurity #CodeChunks #VulnerabilityDetection #SoftwareSupplyChain #OpenSourceSecurity #GraphCodeBERT #FunctionLevelAnalysis #PatchDetection #CodeSecurity #AI4Code #CVEAnalysis #SecureCoding #AIinSecurity #CodeVulnerabilities #LLMDetection #PythonSecurity #CppSecurity #SemanticCodeAnalysis #AISoftwareSecurity

Did you see that if you mouse over the codechunks there's a copy to clipboard button?! softloud.github.io/nmareport…

I was this year old when I learnt about .Rnw (R no web) format. TeX codechunks overleaf for advisors' comments rstudio for me. It's a bit fiddly but I'm so happy to be writing in TeX again, my science mother language. kbroman.org/knitr_knutshell/…

This is awesome! Markdown with javascript codechunks that actually render too! x.com/ryanflorence/status/90…