SecureCode
Collection
10 items
•
Updated
•
3
Scott Thornton PRO
scthornton
AI & ML interests
AI/ML Security
Recent Activity
updated
a collection
2 days ago
SecureCode
liked
a dataset
2 days ago
scthornton/securecode-v2.1
upvoted
an
article
2 days ago
SecureCode v2.1: Why Generic Security Advice Doesn't Work for Framework-Specific Code
Organizations
updated
a
collection
2 days ago
liked
a
dataset
2 days ago
upvoted
an
article
2 days ago
Article
SecureCode v2.1: Why Generic Security Advice Doesn't Work for Framework-Specific Code
•
3
published
an
article
2 days ago
Article
SecureCode v2.1: Why Generic Security Advice Doesn't Work for Framework-Specific Code
•
3
reacted to
their
post with 🔥
2 days ago
Post
3429
SecureCode v2.1: framework-specific secure coding patterns, now on HuggingFace
Quick update on the SecureCode dataset. After testing the v2.0 models against real codebases, one gap kept showing up: the models understood *what* was insecure but generated language-generic fixes. A developer using Express.js doesn't need "set security headers"they need
What changed in v2.1:
- 1,435 total examples (v2.0's 1,216 baseline + 219 new framework-specific additions)
- 9 production frameworks: Express.js, Spring Boot, React, Next.js, FastAPI, GraphQL, SQLAlchemy, Flask, Vue.js
- 475 unique CVEs (73 new, including framework-specific treatments of Log4Shell, Spring4Shell, and others)
- 5-tier quality rubric: Every new example scores 90+/100 across correctness, new dataset average is nearly 97+, security hardening, real-world grounding, educational scaffolding, and production readiness
- Structured references: CVE IDs, advisory URLs, discovery/remediation dates, affected versions — not just "related to CVE-XXXX"
What stayed the same:
- Same 4-turn conversation format (compatible with existing fine-tuning workflows)
- Same license (CC BY-NC-SA 4.0)
- Full v2.0 baseline included — no need to download both
- All 8 fine-tuned models still work; v2.1-specific fine-tuning coming soon
The new examples look like this:
Instead of generic "use parameterized queries", you get Express.js with
Two configs to load:
Quick update on the SecureCode dataset. After testing the v2.0 models against real codebases, one gap kept showing up: the models understood *what* was insecure but generated language-generic fixes. A developer using Express.js doesn't need "set security headers"they need
helmet() middleware chains configured correctly. Spring Boot developers need @PreAuthorize annotations, not abstract RBAC pseudocode.What changed in v2.1:
- 1,435 total examples (v2.0's 1,216 baseline + 219 new framework-specific additions)
- 9 production frameworks: Express.js, Spring Boot, React, Next.js, FastAPI, GraphQL, SQLAlchemy, Flask, Vue.js
- 475 unique CVEs (73 new, including framework-specific treatments of Log4Shell, Spring4Shell, and others)
- 5-tier quality rubric: Every new example scores 90+/100 across correctness, new dataset average is nearly 97+, security hardening, real-world grounding, educational scaffolding, and production readiness
- Structured references: CVE IDs, advisory URLs, discovery/remediation dates, affected versions — not just "related to CVE-XXXX"
What stayed the same:
- Same 4-turn conversation format (compatible with existing fine-tuning workflows)
- Same license (CC BY-NC-SA 4.0)
- Full v2.0 baseline included — no need to download both
- All 8 fine-tuned models still work; v2.1-specific fine-tuning coming soon
The new examples look like this:
Instead of generic "use parameterized queries", you get Express.js with
express-validator input chains, Spring Boot with @Valid bean validation + BCryptPasswordEncoder, FastAPI with Depends() auth injection and Pydantic model validation, React with DOMPurify + CSP headers. Framework-native patterns you can actually deploy.Two configs to load:
from datasets import load_dataset
baseline = load_dataset("scthornton/securecode-v2.1", "v2.0-baseline") # 1,216
additions = load
posted
an
update
2 days ago
Post
3429
SecureCode v2.1: framework-specific secure coding patterns, now on HuggingFace
Quick update on the SecureCode dataset. After testing the v2.0 models against real codebases, one gap kept showing up: the models understood *what* was insecure but generated language-generic fixes. A developer using Express.js doesn't need "set security headers"they need
What changed in v2.1:
- 1,435 total examples (v2.0's 1,216 baseline + 219 new framework-specific additions)
- 9 production frameworks: Express.js, Spring Boot, React, Next.js, FastAPI, GraphQL, SQLAlchemy, Flask, Vue.js
- 475 unique CVEs (73 new, including framework-specific treatments of Log4Shell, Spring4Shell, and others)
- 5-tier quality rubric: Every new example scores 90+/100 across correctness, new dataset average is nearly 97+, security hardening, real-world grounding, educational scaffolding, and production readiness
- Structured references: CVE IDs, advisory URLs, discovery/remediation dates, affected versions — not just "related to CVE-XXXX"
What stayed the same:
- Same 4-turn conversation format (compatible with existing fine-tuning workflows)
- Same license (CC BY-NC-SA 4.0)
- Full v2.0 baseline included — no need to download both
- All 8 fine-tuned models still work; v2.1-specific fine-tuning coming soon
The new examples look like this:
Instead of generic "use parameterized queries", you get Express.js with
Two configs to load:
Quick update on the SecureCode dataset. After testing the v2.0 models against real codebases, one gap kept showing up: the models understood *what* was insecure but generated language-generic fixes. A developer using Express.js doesn't need "set security headers"they need
helmet() middleware chains configured correctly. Spring Boot developers need @PreAuthorize annotations, not abstract RBAC pseudocode.What changed in v2.1:
- 1,435 total examples (v2.0's 1,216 baseline + 219 new framework-specific additions)
- 9 production frameworks: Express.js, Spring Boot, React, Next.js, FastAPI, GraphQL, SQLAlchemy, Flask, Vue.js
- 475 unique CVEs (73 new, including framework-specific treatments of Log4Shell, Spring4Shell, and others)
- 5-tier quality rubric: Every new example scores 90+/100 across correctness, new dataset average is nearly 97+, security hardening, real-world grounding, educational scaffolding, and production readiness
- Structured references: CVE IDs, advisory URLs, discovery/remediation dates, affected versions — not just "related to CVE-XXXX"
What stayed the same:
- Same 4-turn conversation format (compatible with existing fine-tuning workflows)
- Same license (CC BY-NC-SA 4.0)
- Full v2.0 baseline included — no need to download both
- All 8 fine-tuned models still work; v2.1-specific fine-tuning coming soon
The new examples look like this:
Instead of generic "use parameterized queries", you get Express.js with
express-validator input chains, Spring Boot with @Valid bean validation + BCryptPasswordEncoder, FastAPI with Depends() auth injection and Pydantic model validation, React with DOMPurify + CSP headers. Framework-native patterns you can actually deploy.Two configs to load:
from datasets import load_dataset
baseline = load_dataset("scthornton/securecode-v2.1", "v2.0-baseline") # 1,216
additions = loadupdated
a
dataset
2 days ago
published
a
dataset
2 days ago
Convert to Parquet format (fixes datasets >= 4.0.0 compatibility) Fixes https://huggingface.co/datasets/scthornton/securecode-v2/discussions/2 - Removes deprecated loading script - Uses modern Parquet format - Aligns schema across all splits - Compatible with datasets >= 4.0.0
1
#3 opened 6 days ago
by
perfecXion
Cannot load dataset anymore
1
#2 opened 9 days ago
by
AetherPrior
updated
a
dataset
6 days ago
Add paper citation and comprehensive model card
#2 opened 13 days ago
by
perfecXion
Add paper citation and comprehensive model card
#2 opened 13 days ago
by
perfecXion
Add paper citation and comprehensive model card
#2 opened 13 days ago
by
perfecXion
Add paper citation and comprehensive model card
#2 opened 13 days ago
by
perfecXion
Add paper citation and comprehensive model card
#2 opened 13 days ago
by
perfecXion
Add paper citation and comprehensive model card
#2 opened 13 days ago
by
perfecXion
Add paper citation and comprehensive model card
#2 opened 13 days ago
by
perfecXion
Add paper citation and comprehensive model card
#2 opened 13 days ago
by
perfecXion
Add arXiv citation (arxiv:2512.18542) to link paper
#1 opened 13 days ago
by
perfecXion