Drivers of Secure and Correct Code: A Factorial Study of Size, Pre-Training, and Data Quality. Liguori, P., Krasniqi, R., & Cotroneo, D. In 2026 56th Annual IEEE International Conference on Dependable Systems and Networks Workshops (DSN-W), pages 70–76, Charlotte, NC, USA, 2026. IEEE.
Paper doi abstract bibtex Large Language Models (LLMs) are increasingly adopted as code generation tools in professional and safety-critical contexts, yet the factors influencing the correctness and security of their output remain poorly understood. This lack of transparency poses a significant barrier to the deployment of LLMs in regulated environments. This paper presents a systematic, full-factorial study of three controllable factors in the LLM training pipeline (model size, training process, and training data quality) and quantifies their effect on Java code generation. By fine-tuning three BLOOM variants (560M, 1.1B, 3B) under two training regimes on both original and security-sanitized versions of the "The-Vault" dataset, we analyze 12 distinct configurations evaluated against CodeBLEU, Edit Distance Similarity, percentage of parsable code and percentage of secure code. Statistical analysis via ANOVA reveals that pre-training and model size are the dominant drivers, jointly explaining over 83% of variance in correctness metrics. Specifically, we identify a significant Size×Dataset interaction (accounting for 20.58% of secure code variance) which shows that security-aware data curation becomes increasingly impactful as model capacity grows, but only when combined with pre-training. These results suggest that security in AI-generated code is not merely a function of data volume, but an emergent property of model scale, initialization strategy, and their interaction with data curation.
@inproceedings{liguori_drivers_2026,
address = {Charlotte, NC, USA},
title = {Drivers of {Secure} and {Correct} {Code}: {A} {Factorial} {Study} of {Size}, {Pre}-{Training}, and {Data} {Quality}},
copyright = {https://doi.org/10.15223/policy-029},
isbn = {9798319532442},
shorttitle = {Drivers of {Secure} and {Correct} {Code}},
url = {https://ieeexplore.ieee.org/document/11594498/},
doi = {10.1109/DSN-W70714.2026.00031},
abstract = {Large Language Models (LLMs) are increasingly adopted as code generation tools in professional and safety-critical contexts, yet the factors influencing the correctness and security of their output remain poorly understood. This lack of transparency poses a significant barrier to the deployment of LLMs in regulated environments. This paper presents a systematic, full-factorial study of three controllable factors in the LLM training pipeline (model size, training process, and training data quality) and quantifies their effect on Java code generation. By fine-tuning three BLOOM variants (560M, 1.1B, 3B) under two training regimes on both original and security-sanitized versions of the "The-Vault" dataset, we analyze 12 distinct configurations evaluated against CodeBLEU, Edit Distance Similarity, percentage of parsable code and percentage of secure code. Statistical analysis via ANOVA reveals that pre-training and model size are the dominant drivers, jointly explaining over 83\% of variance in correctness metrics. Specifically, we identify a significant Size×Dataset interaction (accounting for 20.58\% of secure code variance) which shows that security-aware data curation becomes increasingly impactful as model capacity grows, but only when combined with pre-training. These results suggest that security in AI-generated code is not merely a function of data volume, but an emergent property of model scale, initialization strategy, and their interaction with data curation.},
urldate = {2026-07-13},
booktitle = {2026 56th {Annual} {IEEE} {International} {Conference} on {Dependable} {Systems} and {Networks} {Workshops} ({DSN}-{W})},
publisher = {IEEE},
author = {Liguori, Pietro and Krasniqi, Rrezarta and Cotroneo, Domenico},
year = {2026},
keywords = {Conference Workshop Papers},
pages = {70--76},
}
Downloads: 0
{"_id":"EGpC4a6quyxgwSBpY","bibbaseid":"liguori-krasniqi-cotroneo-driversofsecureandcorrectcodeafactorialstudyofsizepretraininganddataquality-2026","author_short":["Liguori, P.","Krasniqi, R.","Cotroneo, D."],"bibdata":{"bibtype":"inproceedings","type":"inproceedings","address":"Charlotte, NC, USA","title":"Drivers of Secure and Correct Code: A Factorial Study of Size, Pre-Training, and Data Quality","copyright":"https://doi.org/10.15223/policy-029","isbn":"9798319532442","shorttitle":"Drivers of Secure and Correct Code","url":"https://ieeexplore.ieee.org/document/11594498/","doi":"10.1109/DSN-W70714.2026.00031","abstract":"Large Language Models (LLMs) are increasingly adopted as code generation tools in professional and safety-critical contexts, yet the factors influencing the correctness and security of their output remain poorly understood. This lack of transparency poses a significant barrier to the deployment of LLMs in regulated environments. This paper presents a systematic, full-factorial study of three controllable factors in the LLM training pipeline (model size, training process, and training data quality) and quantifies their effect on Java code generation. By fine-tuning three BLOOM variants (560M, 1.1B, 3B) under two training regimes on both original and security-sanitized versions of the \"The-Vault\" dataset, we analyze 12 distinct configurations evaluated against CodeBLEU, Edit Distance Similarity, percentage of parsable code and percentage of secure code. Statistical analysis via ANOVA reveals that pre-training and model size are the dominant drivers, jointly explaining over 83% of variance in correctness metrics. Specifically, we identify a significant Size×Dataset interaction (accounting for 20.58% of secure code variance) which shows that security-aware data curation becomes increasingly impactful as model capacity grows, but only when combined with pre-training. These results suggest that security in AI-generated code is not merely a function of data volume, but an emergent property of model scale, initialization strategy, and their interaction with data curation.","urldate":"2026-07-13","booktitle":"2026 56th Annual IEEE International Conference on Dependable Systems and Networks Workshops (DSN-W)","publisher":"IEEE","author":[{"propositions":[],"lastnames":["Liguori"],"firstnames":["Pietro"],"suffixes":[]},{"propositions":[],"lastnames":["Krasniqi"],"firstnames":["Rrezarta"],"suffixes":[]},{"propositions":[],"lastnames":["Cotroneo"],"firstnames":["Domenico"],"suffixes":[]}],"year":"2026","keywords":"Conference Workshop Papers","pages":"70–76","bibtex":"@inproceedings{liguori_drivers_2026,\n\taddress = {Charlotte, NC, USA},\n\ttitle = {Drivers of {Secure} and {Correct} {Code}: {A} {Factorial} {Study} of {Size}, {Pre}-{Training}, and {Data} {Quality}},\n\tcopyright = {https://doi.org/10.15223/policy-029},\n\tisbn = {9798319532442},\n\tshorttitle = {Drivers of {Secure} and {Correct} {Code}},\n\turl = {https://ieeexplore.ieee.org/document/11594498/},\n\tdoi = {10.1109/DSN-W70714.2026.00031},\n\tabstract = {Large Language Models (LLMs) are increasingly adopted as code generation tools in professional and safety-critical contexts, yet the factors influencing the correctness and security of their output remain poorly understood. This lack of transparency poses a significant barrier to the deployment of LLMs in regulated environments. This paper presents a systematic, full-factorial study of three controllable factors in the LLM training pipeline (model size, training process, and training data quality) and quantifies their effect on Java code generation. By fine-tuning three BLOOM variants (560M, 1.1B, 3B) under two training regimes on both original and security-sanitized versions of the \"The-Vault\" dataset, we analyze 12 distinct configurations evaluated against CodeBLEU, Edit Distance Similarity, percentage of parsable code and percentage of secure code. Statistical analysis via ANOVA reveals that pre-training and model size are the dominant drivers, jointly explaining over 83\\% of variance in correctness metrics. Specifically, we identify a significant Size×Dataset interaction (accounting for 20.58\\% of secure code variance) which shows that security-aware data curation becomes increasingly impactful as model capacity grows, but only when combined with pre-training. These results suggest that security in AI-generated code is not merely a function of data volume, but an emergent property of model scale, initialization strategy, and their interaction with data curation.},\n\turldate = {2026-07-13},\n\tbooktitle = {2026 56th {Annual} {IEEE} {International} {Conference} on {Dependable} {Systems} and {Networks} {Workshops} ({DSN}-{W})},\n\tpublisher = {IEEE},\n\tauthor = {Liguori, Pietro and Krasniqi, Rrezarta and Cotroneo, Domenico},\n\tyear = {2026},\n\tkeywords = {Conference Workshop Papers},\n\tpages = {70--76},\n}\n\n","author_short":["Liguori, P.","Krasniqi, R.","Cotroneo, D."],"key":"liguori_drivers_2026","id":"liguori_drivers_2026","bibbaseid":"liguori-krasniqi-cotroneo-driversofsecureandcorrectcodeafactorialstudyofsizepretraininganddataquality-2026","role":"author","urls":{"Paper":"https://ieeexplore.ieee.org/document/11594498/"},"keyword":["Conference Workshop Papers"],"metadata":{"authorlinks":{}}},"bibtype":"inproceedings","biburl":"https://api.zotero.org/users/10198036/collections/2RHJXKSI/items?key=X0RoN8iO9RtTbrWfSkRasb7b&format=bibtex&limit=100","dataSources":["37aX9ioouEvzbunGp","JHDShjsHrs6ZHE4bz"],"keywords":["conference workshop papers"],"search_terms":["drivers","secure","correct","code","factorial","study","size","pre","training","data","quality","liguori","krasniqi","cotroneo"],"title":"Drivers of Secure and Correct Code: A Factorial Study of Size, Pre-Training, and Data Quality","year":2026}