A Vulnerability Code Intent Summary Dataset
Yifan Huang, Weisong Sun, Yubin Qu
TL;DR
The paper addresses the need for security-aware code understanding by introducing BADS, a large, multi-perspective vulnerability code intent dataset that pairs code with both functional and security-oriented summaries. It outlines a four-stage process to build the dataset, combining automated LLM-based labeling with rigorous manual validation, and then demonstrates generating security summaries through fine-tuned code LLMs using PEFT with LoRA on the Qwen 2.5 Coder. The work reports a 2,823-record dataset spanning multiple projects and languages, and shows that security-focused summaries outperform functional ones across standard evaluation metrics, highlighting the value of incorporating security intent into code summaries. By enabling multidimensional vulnerability analysis, cross-language pattern research, and improved security tooling, this dataset stands to advance both software engineering and cybersecurity research and practice. The authors also provide practical applications, dataset releases, and a plan for ongoing updates to maintain relevance with evolving threats and languages.
Abstract
In the era of Large Language Models (LLMs), code summarization techniques have advanced considerably, with many significant new works emerging. However, the potential of code summarization in the computer security area remains unexplored. Can we generate a summary of a code snippet that captures its security intent? To this end, this work proposes an innovative large-scale, multi-perspective Code Intent Summary Dataset named BADS, aiming to increase the understanding of a given code snippet and reduce risk in the code development process. Building the dataset proceeds in four steps. First, we collect samples of code with known vulnerabilities, as well as code generated by AI, from multiple sources. Second, we clean the data, unify its format, and then combine it. Third, we use an LLM to automatically annotate the code snippets. Last, we perform a human evaluation as a double-check. The dataset contains X code examples which cover Y categories of vulnerability. Our data are from Z open-source projects and CVE entries, and compared to existing work, our dataset contains not only the original code but also a code function summary and a security intent summary, providing context information for research in code security analysis. All information is in CSV format. The contributions of this paper are four-fold: the establishment of a high-quality, multi-perspective Code Intent Summary Dataset; an innovative method for data collection and processing; a new multi-perspective code analysis framework that promotes cross-disciplinary research in the fields of software engineering and cybersecurity; and improved practicality and scalability of the research outcomes by considering the code length limitations of real-world applications. Our dataset and related tools have been publicly released on GitHub.
