All reviews of published articles are made public. This includes manuscript files, peer review comments, author rebuttals and revised materials. Note: This was optional for articles submitted before 13 February 2023.
Peer reviewers are encouraged (but not required) to provide their names to the authors when submitting their peer review. If they agree to provide their name, then their personal profile page will reflect a public acknowledgment that they performed a review (even if the article is rejected). If the article is accepted, then reviewers who provided their name will be associated with the article itself.
Based on the reviewers' comments, the paper has been accepted.
[# PeerJ Staff Note - this decision was reviewed and approved by Xiangjie Kong, a PeerJ Section Editor covering this Section #]
The authors add RQ4 and more thorough discussion about the empirical results. I am fine with the current version.
no comment
no comment
The indentation preceding the Research Questions section appears unusual, e.g. line 300. The authors may consider better formatting the paper.
no comment
no comment
no comment
My suggestion has been well addressed and some revision has been made. So I think this paper can be accepted.
The manuscript conducts a thorough investigation into information security, employing Latent Dirichlet Allocation to identify and categorize 38 key topics. However, improvements are suggested regarding the structure, specifically merging and refining the Introduction and Background/Related Work sections to eliminate redundancy. The paper's organization and methodology are commendable, particularly in data collection and preprocessing, with the incorporation of LDA for topic modeling being well-explained. One suggested improvement is to elaborate on Table A2 in the appendix under Research Question 4, enhancing the paper's depth. The paper presents detailed tables supporting the analysis results, bolstering the authors' claims effectively, with Tables 4 and 5 being particularly notable for their insights into the field of information security. However, some refinements could be made to enhance clarity and focus.
Overall, the paper shows promise but requires revisions to improve coherence and focus, especially in merging and refining sections for clarity, and once these adjustments are made, the paper would likely be suitable for acceptance.
**PeerJ Staff Note:** Please ensure that all review, editorial, and staff comments are addressed in a response letter and that any edits or clarifications mentioned in the letter are also inserted into the revised manuscript where appropriate.
**Language Note:** PeerJ staff have identified that the English language needs to be improved. When you prepare your next revision, please either (i) have a colleague who is proficient in English and familiar with the subject matter review your manuscript, or (ii) contact a professional editing service to review your manuscript. PeerJ can provide language editing services - you can contact us at copyediting@peerj.com for pricing (be sure to provide your manuscript number and title). – PeerJ Staff
This manuscript conducts an empirical study on information security. It utilizes latent Dirichlet allocation (LDA) to analyze discussions from the Information Security Stack Exchange (ISSE), and identifies 38 key topics in information security society, which are further categorized into seven comprehensive areas. By exploring the distribution, evolution, popularity, and difficulty of information security topics over time, and identifying the most frequently used tasks, techniques, and tools, the study makes a good contribution to understanding and navigating the intricate domain of information security. The empirical results may provide insights for researchers or developers in this important area.
I list several potential improvements in 2. Experimental design. Please refer to this part for details.
This paper is well-organized and meticulously detailed, particularly in its explanation of the methods used for data collection and preprocessing. The authors have employed LDA-based (Latent Dirichlet Allocation) topic modeling to uncover 38 significant topics within the realm of information security. Moreover, the structure of the study is well designed around four research questions, which serve to dissect and examine the multifaceted issues in information security from various angles.
I especially like the last research question: "In the field of information security, which tasks, techniques, and tools are the most frequently employed?" This research question can actually provide a lot of insights to both researchers and developers. The authors try to build a connection between information security issues and information security-related technologies. Table A2 in appendix is quite interesting, I would suggest the authors discuss more details about this table under RQ4. (Improvement 1)
Besides, there are several perspectives I think could be added into this paper: What are the most common issues in information security? Are there any common solutions to these issues? What are the most common unresolved issues? Why are they so difficult to solve? I think these questions are what people do care about. For commonly resolved issues, people can refer to established solutions when encountering similar challenges. Conversely, for prevalent yet unresolved issues, individuals could concentrate on these problems once they become aware of them and endeavor to find resolutions.These results may enrich the study's contributions to the academic and practical discussions in information security.(Improvement 2)
The authors present very detailed and clear tables that effectively illustrate their analysis results, providing robust support for their claims. These tables serve as a vital component of the paper, enhancing the reader's comprehension of the findings and reinforcing the authors' arguments with empirical evidence.
This paper presents a thorough investigation of information security and identifies 38 related topics. Considering these topics, a comprehensive taxonomy of seven categories is devised in this paper to address information security issues. The language used in this paper is clear and fluent, which makes this paper easy to follow.
However, there are some weaknesses in the structure of this paper. And it could be further improved. In the INTRODUCTION and BACKGROUND AND RELATED WORK parts, the contents in those two parts are somewhat repetitive and redundant. My suggestion is to merge and divide those two parts into INTRODUCTION and RELATED WORK. In INTRODUCTION, the authors can give a thorough introduction of the topic and background. Then in RELATED WORK, the authors can present some specific and representative works by the timeline.
No comment
For different difficulty levels of the 38 topics mentioned in this paper, the authors analyze the temporal trends, related descriptive indicators, and tags of those topics. It does have certain contributions and is instructive for the academic research of those fields. Especially for tables 4 and 5, I think it has some contributions to this field.
Overall, I think this paper can be accepted after the above-mentioned problems are revised.
All text and materials provided via this peer-review history page are made available under a Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.