Transforming the field of Vulnerability Prediction: Are Large Language Models the key?
Creators
Description
Vulnerability prediction is an important mechanism for secure software development, as it enables the early identification and mitigation of software vulnerabilities. Vulnerability prediction models (VPMs) are machine learning (ML) models able to detect potentially vulnerable software components based on information retrieved from their source code. Despite the notable advancements in the field of vulnerability prediction, especially with the utilization of deep learning (DL) and text mining techniques, current literature still lacks a highly accurate, reliable, and practical VPM. Recently, Large Language Models (LLMs), which have demonstrated remarkable capabilities in text understanding and processing, have started being utilized for vulnerability prediction, demonstrating highly promising results. The purpose of the present paper is to explore the utilization of LLMs in the field of vulnerability detection, identify challenges and open issues that still need to be addressed, and potentially propose directions for future research. Our analysis suggests that while LLM-based VPMs have outperformed traditional DL approaches in vulnerability prediction, significant challenges still need to be addressed before they can be considered sufficiently accurate, reliable, and practical.
Files
Name | Size |
---|---|
Transforming the field of Vulnerability Prediction_Are Large Language Models the key.pdf (md5:828fff865750b8556cec440da14b5061) | 111.0 kB |