Secure Code Generation with CodeT5: Leveraging Large Language Models and CVE Dataset

Sanjana Ganesh Nayak; Anirudha Rao; B. L.Siddhartha Bhat; Sanjana Ganesh Nayak; Mamatha Balachandra; Om Prakash; Varinder Pratap Singh

doi:10.1007/978-981-96-1206-2_4

Secure Code Generation with CodeT5: Leveraging Large Language Models and CVE Dataset

Sanjana Ganesh Nayak
, Anirudha Rao
, B. L.Siddhartha Bhat
, Sanjana Ganesh Nayak
, Mamatha Balachandra^*
, Om Prakash
, Varinder Pratap Singh

^*Corresponding author for this work

School of Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In the last couple of years, generative models especially large language models drawing from recent advances in AI have emerged as promising for numerous applications. This work illustrates how a large language model, CodeT5, can enhance secure text-to-code generation. CodeT5 is proposed as a unified pre-trained encoder–decoder transformer model that benefits from semantic hints given by developer-assigned identifier names, improving code understanding and promoting trustworthy text-to-code transcribing. It addresses gaps by incorporating an identifier-aware pre-training task and connecting natural language to programming language abstractions through user-written code comments. To enhance code security, CodeT5 is trained on a huge CVE dataset, leveraging code snippets before and after security patches. This new hybrid paradigm helps promote secure coding as well as AI-enhanced software engineering.

Original language	English
Title of host publication	Information Systems for Intelligent Systems - Proceedings of ISBM 2024
Editors	Chakchai So In, Narendra S. Londhe, Nityesh Bhatt, Meelis Kitsing
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	29-39
Number of pages	11
ISBN (Print)	9789819612055
DOIs	https://doi.org/10.1007/978-981-96-1206-2_4
Publication status	Published - 2025
Event	3rd World Conference on Information Systems for Business Management, ISBM 2024 - Bangkok, Thailand Duration: 12-09-2024 → 13-09-2024

Publication series

Name	Smart Innovation, Systems and Technologies
Volume	430 SIST
ISSN (Print)	2190-3018
ISSN (Electronic)	2190-3026

Conference

Conference	3rd World Conference on Information Systems for Business Management, ISBM 2024
Country/Territory	Thailand
City	Bangkok
Period	12-09-24 → 13-09-24

All Science Journal Classification (ASJC) codes

General Decision Sciences
General Computer Science

Access to Document

10.1007/978-981-96-1206-2_4

Cite this

Nayak, S. G., Rao, A., Bhat, B. L. S., Nayak, S. G., Balachandra, M., Prakash, O., & Singh, V. P. (2025). Secure Code Generation with CodeT5: Leveraging Large Language Models and CVE Dataset. In C. S. In, N. S. Londhe, N. Bhatt, & M. Kitsing (Eds.), Information Systems for Intelligent Systems - Proceedings of ISBM 2024 (pp. 29-39). (Smart Innovation, Systems and Technologies; Vol. 430 SIST). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-96-1206-2_4

Nayak, Sanjana Ganesh ; Rao, Anirudha ; Bhat, B. L.Siddhartha et al. / Secure Code Generation with CodeT5 : Leveraging Large Language Models and CVE Dataset. Information Systems for Intelligent Systems - Proceedings of ISBM 2024. editor / Chakchai So In ; Narendra S. Londhe ; Nityesh Bhatt ; Meelis Kitsing. Springer Science and Business Media Deutschland GmbH, 2025. pp. 29-39 (Smart Innovation, Systems and Technologies).

@inproceedings{a0cba6c00af042b699da8eba7a84e55b,

title = "Secure Code Generation with CodeT5: Leveraging Large Language Models and CVE Dataset",

abstract = "In the last couple of years, generative models especially large language models drawing from recent advances in AI have emerged as promising for numerous applications. This work illustrates how a large language model, CodeT5, can enhance secure text-to-code generation. CodeT5 is proposed as a unified pre-trained encoder–decoder transformer model that benefits from semantic hints given by developer-assigned identifier names, improving code understanding and promoting trustworthy text-to-code transcribing. It addresses gaps by incorporating an identifier-aware pre-training task and connecting natural language to programming language abstractions through user-written code comments. To enhance code security, CodeT5 is trained on a huge CVE dataset, leveraging code snippets before and after security patches. This new hybrid paradigm helps promote secure coding as well as AI-enhanced software engineering.",

author = "Nayak, \{Sanjana Ganesh\} and Anirudha Rao and Bhat, \{B. L.Siddhartha\} and Nayak, \{Sanjana Ganesh\} and Mamatha Balachandra and Om Prakash and Singh, \{Varinder Pratap\}",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.; 3rd World Conference on Information Systems for Business Management, ISBM 2024 ; Conference date: 12-09-2024 Through 13-09-2024",

year = "2025",

doi = "10.1007/978-981-96-1206-2\_4",

language = "English",

isbn = "9789819612055",

series = "Smart Innovation, Systems and Technologies",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "29--39",

editor = "In, \{Chakchai So\} and Londhe, \{Narendra S.\} and Nityesh Bhatt and Meelis Kitsing",

booktitle = "Information Systems for Intelligent Systems - Proceedings of ISBM 2024",

address = "Germany",

}

Nayak, SG, Rao, A, Bhat, BLS, Nayak, SG, Balachandra, M, Prakash, O & Singh, VP 2025, Secure Code Generation with CodeT5: Leveraging Large Language Models and CVE Dataset. in CS In, NS Londhe, N Bhatt & M Kitsing (eds), Information Systems for Intelligent Systems - Proceedings of ISBM 2024. Smart Innovation, Systems and Technologies, vol. 430 SIST, Springer Science and Business Media Deutschland GmbH, pp. 29-39, 3rd World Conference on Information Systems for Business Management, ISBM 2024, Bangkok, Thailand, 12-09-24. https://doi.org/10.1007/978-981-96-1206-2_4

Secure Code Generation with CodeT5: Leveraging Large Language Models and CVE Dataset. / Nayak, Sanjana Ganesh; Rao, Anirudha; Bhat, B. L.Siddhartha et al.
Information Systems for Intelligent Systems - Proceedings of ISBM 2024. ed. / Chakchai So In; Narendra S. Londhe; Nityesh Bhatt; Meelis Kitsing. Springer Science and Business Media Deutschland GmbH, 2025. p. 29-39 (Smart Innovation, Systems and Technologies; Vol. 430 SIST).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Secure Code Generation with CodeT5

T2 - 3rd World Conference on Information Systems for Business Management, ISBM 2024

AU - Nayak, Sanjana Ganesh

AU - Rao, Anirudha

AU - Bhat, B. L.Siddhartha

AU - Nayak, Sanjana Ganesh

AU - Balachandra, Mamatha

AU - Prakash, Om

AU - Singh, Varinder Pratap

PY - 2025

Y1 - 2025

N2 - In the last couple of years, generative models especially large language models drawing from recent advances in AI have emerged as promising for numerous applications. This work illustrates how a large language model, CodeT5, can enhance secure text-to-code generation. CodeT5 is proposed as a unified pre-trained encoder–decoder transformer model that benefits from semantic hints given by developer-assigned identifier names, improving code understanding and promoting trustworthy text-to-code transcribing. It addresses gaps by incorporating an identifier-aware pre-training task and connecting natural language to programming language abstractions through user-written code comments. To enhance code security, CodeT5 is trained on a huge CVE dataset, leveraging code snippets before and after security patches. This new hybrid paradigm helps promote secure coding as well as AI-enhanced software engineering.

AB - In the last couple of years, generative models especially large language models drawing from recent advances in AI have emerged as promising for numerous applications. This work illustrates how a large language model, CodeT5, can enhance secure text-to-code generation. CodeT5 is proposed as a unified pre-trained encoder–decoder transformer model that benefits from semantic hints given by developer-assigned identifier names, improving code understanding and promoting trustworthy text-to-code transcribing. It addresses gaps by incorporating an identifier-aware pre-training task and connecting natural language to programming language abstractions through user-written code comments. To enhance code security, CodeT5 is trained on a huge CVE dataset, leveraging code snippets before and after security patches. This new hybrid paradigm helps promote secure coding as well as AI-enhanced software engineering.

UR - https://www.scopus.com/pages/publications/105009904712

UR - https://www.scopus.com/pages/publications/105009904712#tab=citedBy

U2 - 10.1007/978-981-96-1206-2_4

DO - 10.1007/978-981-96-1206-2_4

M3 - Conference contribution

AN - SCOPUS:105009904712

SN - 9789819612055

T3 - Smart Innovation, Systems and Technologies

SP - 29

EP - 39

BT - Information Systems for Intelligent Systems - Proceedings of ISBM 2024

A2 - In, Chakchai So

A2 - Londhe, Narendra S.

A2 - Bhatt, Nityesh

A2 - Kitsing, Meelis

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 12 September 2024 through 13 September 2024

ER -

Nayak SG, Rao A, Bhat BLS, Nayak SG, Balachandra M, Prakash O et al. Secure Code Generation with CodeT5: Leveraging Large Language Models and CVE Dataset. In In CS, Londhe NS, Bhatt N, Kitsing M, editors, Information Systems for Intelligent Systems - Proceedings of ISBM 2024. Springer Science and Business Media Deutschland GmbH. 2025. p. 29-39. (Smart Innovation, Systems and Technologies). doi: 10.1007/978-981-96-1206-2_4