Searching Open-Source Vulnerability Function Based on Software Modularization
Round 1
Reviewer 1 Report
The authors have presented a vulnerable function detection method based on the software modularization method.
However, the manuscript needs a lot of improvement before it can be accepted.
After line 78, please present the organization of the study.
The related work section is not sufficient. Could you summarize the key findings in tabular form?
Please provide a brief description of what software modularization is and of the methods you have followed (e.g., BMVul, B2sFinder, Louvain).
At the end of Section 4, please provide a brief comparison with similar research in terms of precision metrics.
The conclusion section should be improved. With the achieved accuracy, how will it become useful for other researchers and for software vulnerability detection?
Author Response
Please see the attachment.
Author Response File: Author Response.docx
Reviewer 2 Report
The authors have worked on a very important topic and have presented a new technique for detecting vulnerable functions reused in open-source libraries. However, a number of other studies have recently been published which seem not to have been considered by the authors. Some such studies are mentioned below. It will be of interest to the research community to have a performance comparison of the proposed technique with the techniques presented in these studies, in terms of cost-benefit analysis (ROI), efficiency, and complexity.
Shortcomings of the proposed model are also not presented; these would help in selecting a technique, which is very important.
Ding, Y., Suneja, S., Zheng, Y., Laredo, J., Morari, A., Kaiser, G., & Ray, B. (2022, March). VELVET: a noVel Ensemble Learning approach to automatically locate VulnErable sTatements. In 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) (pp. 959-970). IEEE.
Bowman, B., & Huang, H. H. (2020, September). VGRAPH: a robust vulnerable code clone detection system using code property triplets. In 2020 IEEE European Symposium on Security and Privacy (EuroS&P) (pp. 53-69). IEEE.
Zhao, Q., Huang, C., & Dai, L. (2022). VULDEFF: Vulnerability detection method based on function fingerprints and code differences. Knowledge-Based Systems, 110139.
Cao, S., Sun, X., Bo, L., Wei, Y., & Li, B. (2021). Bgnn4vd: constructing bidirectional graph neural-network for vulnerability detection. Information and Software Technology, 136, 106576.
Author Response
Please see the attachment.
Author Response File: Author Response.docx
Round 2
Reviewer 1 Report
With the revised version, the paper is now much improved, and I would like to recommend it for acceptance.