OpenVul-Qwen3-4B-SFT-ep3: C/C++ Vulnerability Detection

This model, developed by Youpeng Li, Fuxun Yu, and Xinda Wang, is a 4 billion parameter Qwen3-based language model specifically fine-tuned for identifying security vulnerabilities in C/C++ code. It focuses on detecting flaws aligned with Common Weakness Enumeration (CWE) standards.

Key Capabilities

• Context-Level Vulnerability Detection: Unlike models that analyze isolated functions, OpenVul-Qwen3-4B-SFT-ep3 utilizes inter-procedural contexts, including global variables, type definitions, and callee functions, for more comprehensive analysis.
• Vulnerability Reasoning: The model was fine-tuned on high-quality vulnerability reasoning Chain-of-Thought (CoT) data, enhancing its ability to follow instructions and establish basic security expertise.
• Rejection Sampling Training: Training involved rejection sampling distilled from DeepSeek-R1-0528, a method chosen to prevent "ground-truth leakage" and reasoning hallucinations during data curation.

Use Cases

• Automated Code Security Analysis: Ideal for integrating into CI/CD pipelines to automatically scan C/C++ codebases for potential security vulnerabilities.
• Developer Tooling: Can assist developers in identifying and understanding security flaws during the coding process.
• Security Auditing: Provides a foundational backbone for more in-depth security audits by pinpointing areas of concern.

For more technical details, refer to the associated paper and the GitHub repository.