Article
Peer-Review Record

Searching Open-Source Vulnerability Function Based on Software Modularization

Appl. Sci. 2023, 13(2), 701; https://doi.org/10.3390/app13020701
by Xixi Guo, Ruijie Cai *, Xiaokang Yin, Wenqiang Shao and Shengli Liu
Submission received: 1 December 2022 / Revised: 28 December 2022 / Accepted: 30 December 2022 / Published: 4 January 2023

Round 1

Reviewer 1 Report

The authors have presented a vulnerable function detection method based on the software modularization method.

However, the manuscript needs to be improved a lot for it to be accepted.

After line 78, please present the organization of the study.

The related work section is not sufficient. Could you summarize the key findings in a tabular form?

Please provide a brief description of what software modularization is and the methods you have followed (e.g., BMVul, B2sFinder, Louvain).

At the end of section 4, please provide a brief comparison with similar research in terms of precision metrics.

The conclusion section should be improved. With the achieved accuracy, how will it become useful for other researchers and for software vulnerability detection?

Author Response

Please see the attachment.

Author Response File: Author Response.docx

Reviewer 2 Report

The authors have worked on a very important topic and have presented a new technique for detecting vulnerable functions reused in open-source libraries. However, a number of other studies have recently been published which seem not to have been considered by the authors. Some such studies are mentioned below. It will be of interest to the research community to have a performance comparison of the proposed technique with the techniques presented in these studies, in terms of cost-benefit analysis (ROI), efficiency and complexity.

Shortcomings of the proposed model are also not presented, which would help in selecting a technique, which is very important.

Ding, Y., Suneja, S., Zheng, Y., Laredo, J., Morari, A., Kaiser, G., & Ray, B. (2022, March). VELVET: a noVel Ensemble Learning approach to automatically locate VulnErable sTatements. In 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) (pp. 959-970). IEEE.

Bowman, B., & Huang, H. H. (2020, September). VGRAPH: a robust vulnerable code clone detection system using code property triplets. In 2020 IEEE European Symposium on Security and Privacy (EuroS&P) (pp. 53-69). IEEE.

Zhao, Q., Huang, C., & Dai, L. (2022). VULDEFF: Vulnerability detection method based on function fingerprints and code differences. Knowledge-Based Systems, 110139.

Cao, S., Sun, X., Bo, L., Wei, Y., & Li, B. (2021). BGNN4VD: constructing bidirectional graph neural-network for vulnerability detection. Information and Software Technology, 136, 106576.

Author Response

Please see the attachment.

Author Response File: Author Response.docx

Round 2

Reviewer 1 Report

With the revised version, the paper is now well improved and I would like to recommend it for acceptance.