Software vulnerability detection is a critical task for securing software systems and can be formulated as a binary classification problem: given a code snippet, determine whether it contains a vulnerability. Existing multimodal approaches typically fuse Natural Code Sequence (NCS) representations from pretrained language models with Code Property Graph (CPG) representations from graph neural networks, often under the implicit assumption that adding a modality necessarily yields extra information. In practice, sequence and graph representations can be redundant, and fluctuations in the quality of the graph modality can dilute the discriminative signal of the dominant modality. To address this, we propose TaCCS-DFA, a framework that introduces Fisher information as a geometric measure of how sensitive feature directions are to the classification decision, enabling task-oriented complementary fusion. TaCCS-DFA online estimates a low-rank principal Fisher subspace and restricts cross-modal attention to task-sensitive directions, thereby retrieving structural features from CPG that complement the sequence modality; meanwhile, an adaptive gating mechanism dynamically adjusts the contribution of the graph modality for each sample to suppress noise propagation. Our analysis shows that, under an isotropic perturbation assumption, the proposed mechanism admits a tighter risk bound than conventional full-spectrum attention. Experiments on BigVul, Devign, and ReVeal show that TaCCS-DFA achieves strong performance across multiple backbones. With CodeT5 as the backbone, TaCCS-DFA reaches an F1 score of 87.80\% on the highly imbalanced BigVul dataset, improving over a strong baseline Vul-LMGNNs by 6.3 percentage points while maintaining low calibration error and computational overhead.

翻译：软件漏洞检测是保障软件系统安全的关键任务，可形式化为二分类问题：给定代码片段，判断其是否包含漏洞。现有多模态方法通常将预训练语言模型提取的自然代码序列表征与图神经网络提取的代码属性图表征进行融合，其隐含假设是增加模态必然能提供额外信息。然而实践中，序列与图表征可能存在冗余，且图模态的质量波动可能稀释主导模态的判别性信号。为此，我们提出TaCCS-DFA框架，该框架引入Fisher信息作为特征方向对分类决策敏感度的几何度量，实现任务导向的互补融合。TaCCS-DFA在线估计低秩主Fisher子空间，并将跨模态注意力限制于任务敏感方向，从而从代码属性图中提取与序列模态互补的结构特征；同时，自适应门控机制动态调整每个样本中图模态的贡献度以抑制噪声传播。理论分析表明，在各向同性扰动假设下，所提机制比传统全谱注意力具有更紧致的风险界。在BigVul、Devign和ReVeal数据集上的实验表明，TaCCS-DFA在多种骨干网络上均取得优异性能。以CodeT5为骨干网络时，TaCCS-DFA在高度不平衡的BigVul数据集上达到87.80%的F1分数，较强基线Vul-LMGNNs提升6.3个百分点，同时保持较低的校准误差与计算开销。