Do *developers* care about vulnerabilities

[jssmith1]

R3:

• The title (and for the rest of the paper) implies that developers actually care about vulnerabilities. Is this really the case?

[jssmith1]

Developers rank security issues as the highest priority for static analysis tools to detect:

https://www.microsoft.com/en-us/research/wp-content/uploads/2016/07/ase-2016.pdf

(already cited... in the first paragraph) Need to make argument more explicitly or present more evidence

[jssmith1]

Related to #336

[jssmith1]

Security and emotion: sentiment analysis of security discussions on GitHub

Security related comments more emotional

Don't cite

[jssmith1]

In Section 1 we cite Christakis2016, which provides evidence that developers at least self-report that they care more about security issues than any other type of code issue.