Saved in:
Bibliographic Details
Main Authors: Naseer, Fiza, Khan, Javed Ali, Yaqoob, Muhammad, Mylonas, Alexios, Gambo, Ishaya
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2604.24822
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911627737038848
author Naseer, Fiza
Khan, Javed Ali
Yaqoob, Muhammad
Mylonas, Alexios
Gambo, Ishaya
author_facet Naseer, Fiza
Khan, Javed Ali
Yaqoob, Muhammad
Mylonas, Alexios
Gambo, Ishaya
contents Context: Software vulnerabilities pose significant security threats to software systems, especially as software is increasingly used across many areas of daily life, including health, government, and finance. Recently, transformer-based models have demonstrated promising results in automatic software vulnerability identification due to their robust contextual modelling and representation learning capabilities. Objectives: While numerous systematic literature reviews (SLRs) have examined machine learning and deep learning methods for identifying vulnerabilities, a more transformer-centric analysis remains to be explored. This SLR critically analysed 80 studies published between 2021 and 2025 that utilised transformer models to identify software vulnerabilities. Methods: Using Kitchenhams SLR guidelines, we methodically evaluate current research from various perspectives, encompassing study trends, datasets and sources, programming languages, transformer frameworks, detection detail levels, assessment metrics, reference models, types of vulnerabilities, and experimental configurations. Results: We classify transformer models into encoder, decoder, and combined architectures and analyse both pre-trained and fine-tuned versions utilized on source code, logs, and smart contracts. The results emphasise prevailing research trends, frequently utilised benchmarks, and main baselines. It also uncovers crucial technical issues like data imbalance, interpretability, scalability, and generalization across programming languages. Conclusion: By integrating current evidence and recognising unaddressed research areas, this SLR provides a consolidated resource for researchers and professionals seeking to develop more reliable, precise, and interpretable transformer-based vulnerability identification systems.
format Preprint
id arxiv_https___arxiv_org_abs_2604_24822
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle A systematic literature Review for Transformer-based Software Vulnerability detection
Naseer, Fiza
Khan, Javed Ali
Yaqoob, Muhammad
Mylonas, Alexios
Gambo, Ishaya
Software Engineering
Machine Learning
Context: Software vulnerabilities pose significant security threats to software systems, especially as software is increasingly used across many areas of daily life, including health, government, and finance. Recently, transformer-based models have demonstrated promising results in automatic software vulnerability identification due to their robust contextual modelling and representation learning capabilities. Objectives: While numerous systematic literature reviews (SLRs) have examined machine learning and deep learning methods for identifying vulnerabilities, a more transformer-centric analysis remains to be explored. This SLR critically analysed 80 studies published between 2021 and 2025 that utilised transformer models to identify software vulnerabilities. Methods: Using Kitchenhams SLR guidelines, we methodically evaluate current research from various perspectives, encompassing study trends, datasets and sources, programming languages, transformer frameworks, detection detail levels, assessment metrics, reference models, types of vulnerabilities, and experimental configurations. Results: We classify transformer models into encoder, decoder, and combined architectures and analyse both pre-trained and fine-tuned versions utilized on source code, logs, and smart contracts. The results emphasise prevailing research trends, frequently utilised benchmarks, and main baselines. It also uncovers crucial technical issues like data imbalance, interpretability, scalability, and generalization across programming languages. Conclusion: By integrating current evidence and recognising unaddressed research areas, this SLR provides a consolidated resource for researchers and professionals seeking to develop more reliable, precise, and interpretable transformer-based vulnerability identification systems.
title A systematic literature Review for Transformer-based Software Vulnerability detection
topic Software Engineering
Machine Learning
url https://arxiv.org/abs/2604.24822