Are Source Code Metrics “Good Enough” in Predicting Security Vulnerabilities?
Round 1
Reviewer 1 Report
The author tested the effectiveness of different machine learning algorithms in predicting potential security vulnerabilities, and did a lot of experiments to answer four research questions, which is very meaningful work. For this manuscript, there are several suggestions as follows:
1) In the abstract part, the description of work contribution should be added, such as the specific results of the experiment.
2) In Section 2.2, the author can use a table to show the definition of source code metrics, which can reduce the length of the article and make it clearer.
3) In the background part, the author should briefly introduce the different algorithms used, and add some references to the relevant classical literature.
4) It is suggested to add more descriptions of future work in the last section, to show the sustainability of this research.
Author Response
Reviewer 1 (All the changes are in red)
Comment 1: Descriptions of work contributions should be added, such as the specific results of the experiment.
Scope: Abstract
Response: We thank the reviewer for identifying this missing part. We have revised the Abstract to add information about contributions and results.
Comment 2: Authors can use a table to show the definition of source code metrics, which can reduce the length of the article and make it clearer.
Scope: Background
Response: Thank you for the suggestion. We have now put the metric definitions in a table, which certainly improved the presentation.
Comment 3: Authors should briefly introduce the different algorithms used, and add some references to the relevant classical literature.
Scope: Background
Response: We thank the reviewer for this suggestion. We agree. Indeed, this useful part was missing in the original submission. We have now added a new subsection to elaborate on the theoretical details of the ML algorithms used.
Comment 4: To update Future work for more insights.
Scope: Conclusion
Response: Thank you for this suggestion. We have now revised the Conclusion section to clarify further future plans.
Comment 5: Revision of the article (grammar and writing)
Scope: Whole article
Response: We have revised the full manuscript to ensure we have acceptable writing and no grammar inaccuracies.
Reviewer 2 Report
Refer to the attached review report.
Comments for author File: Comments.pdf
Author Response
Reviewer 2 (All the changes are in red)
Comment 1: Numbers in the bars are too small
Scope: Background
Response: Thank you for identifying this issue. We have now replaced the figure with a more readable version.
Comment 2: Selection of machine learning algorithms must be justified clearly
Scope: Background, Method, Related Work
Response: We thank the reviewer for this similar suggestion by Reviewer 1. We have now introduced a new subsection in the Background section to introduce the ML algorithms. We also have updated parts in the Method section to justify the selection of ML algorithms.
Comment 3: “The best” term should be replaced
Scope: Whole document
Response: Thank you for this suggestion. We have now replaced the superlative terms with more claimable terms.
Comment 4: Value of n is unclear
Scope: Method
Response: We have now explained with examples how the value of n and the splits are calculated.
Comment 5: TP, TN, etc. should be defined more clearly.
Scope: Method
Response: We have defined TP, TN, FP, and FN clearly.
Comment 6: Answer to the title of this manuscript should be mentioned explicitly
Scope: Conclusion
Response: Thank you for this interesting suggestion. We have now clearly made a concluding statement in the Conclusion section to directly answer the question in our article title. Thus, we also have revised the whole Conclusion section.
Comment 7: Revision of the article (grammar and writing)
Scope: Whole article
Response: We have revised the full manuscript to ensure we have acceptable writing and no grammar inaccuracies.