Method and system for reducing false positives in static source code analysis reports using machine learning and classification techniques
Abstract:
This invention is a computer-implemented method and system that applies a secondary classification algorithm after a primary source code vulnerability scanning tool, so that true and false vulnerabilities in source code are labelled more accurately. The method and system use machine learning on a 10% dataset to develop a classifier model algorithm. A selection process identifies the most important features used by the algorithm to detect and distinguish the true positive and false positive findings in the static code analysis results. A personal identifier is used as a critical feature for the classification. The model is validated by experimentation and comparison against thirteen existing classifiers.
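The following is an added illustration, not code from the patent or its applicant, of the pipeline the abstract describes: a primary scanner's findings are represented as categorical features, a small labelled slice (one finding in ten) trains a second-stage classifier, an information-gain ranking shows which features the classifier actually relies on, and the model is scored on the unlabelled remainder against the trivial "everything is a false positive" baseline. The feature names, vocabularies and labelling rule are constructed for the example; the patent's personal-identifier feature is not modelled; and the classifier is a hand-written categorical naive Bayes so the block runs offline without scikit-learn.

```python
"""Added example (not from the patent): a second-stage classifier that
re-labels static-analysis findings as likely true or false positives."""
from collections import Counter, defaultdict
from itertools import product
import math

# Constructed feature vocabularies (assumptions for illustration only).
RULES = ["sqli", "xss", "hardcoded_secret", "path_traversal"]
TAINTS = ["user_input", "constant", "config"]
TEST_FLAGS = [False, True]
FILE_KINDS = ["controller", "model", "util"]
FEATURES = ["rule", "taint_source", "in_test_code", "file_kind"]


def make_findings():
    """Constructed corpus: one finding per feature combination (72 total).
    Ground truth is 'real' only when data flows from user input and the file
    is not test code, so two features carry signal and two are pure noise."""
    findings = []
    for rule, taint, is_test, kind in product(RULES, TAINTS, TEST_FLAGS, FILE_KINDS):
        feats = {"rule": rule, "taint_source": taint,
                 "in_test_code": is_test, "file_kind": kind}
        label = (taint == "user_input") and not is_test
        findings.append((feats, label))
    return findings


def entropy(labels):
    """Shannon entropy (bits) of a list of labels."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def rank_features(labelled):
    """Feature selection step: information gain of each feature w.r.t. the
    true/false label, highest first. Noise features score ~0 on enough data."""
    base = entropy([y for _, y in labelled])
    gains = {}
    for f in FEATURES:
        groups = defaultdict(list)
        for x, y in labelled:
            groups[x[f]].append(y)
        cond = sum(len(g) / len(labelled) * entropy(g) for g in groups.values())
        gains[f] = base - cond
    return sorted(gains.items(), key=lambda kv: kv[1], reverse=True)


class NaiveBayes:
    """Categorical naive Bayes with Laplace smoothing on feature counts."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha

    def fit(self, labelled):
        self.priors = Counter(y for _, y in labelled)
        if not (self.priors[True] and self.priors[False]):
            # A 10% slice that misses a class cannot train a two-class model.
            raise ValueError("training slice must contain both true and false positives")
        self.n = len(labelled)
        self.counts = {f: {True: Counter(), False: Counter()} for f in FEATURES}
        self.values = {f: set() for f in FEATURES}
        for x, y in labelled:
            for f in FEATURES:
                self.counts[f][y][x[f]] += 1
                self.values[f].add(x[f])
        return self

    def log_prob(self, x, y):
        lp = math.log(self.priors[y] / self.n)
        for f in FEATURES:
            c = self.counts[f][y][x[f]]  # 0 for values unseen in this class
            lp += math.log((c + self.alpha) /
                           (self.priors[y] + self.alpha * len(self.values[f])))
        return lp

    def predict(self, x):
        return self.log_prob(x, True) > self.log_prob(x, False)


def run_demo(label_every=10):
    """Label every `label_every`-th finding (about 10% of the corpus), train on
    that slice, and score the held-out remainder against the naive baseline."""
    findings = make_findings()
    train = [fx for i, fx in enumerate(findings) if i % label_every == 0]
    held = [fx for i, fx in enumerate(findings) if i % label_every != 0]
    model = NaiveBayes().fit(train)
    correct = sum(model.predict(x) == y for x, y in held)
    baseline = sum(not y for _, y in held)  # predict "false positive" always
    return {"train_size": len(train),
            "accuracy": correct / len(held),
            "all_negative_baseline": baseline / len(held),
            "feature_ranking": rank_features(train)}


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

Two things the run makes visible that the abstract only states: with only eight labelled findings the information-gain ranking still puts a noise feature (`rule`) above a genuine one (`in_test_code`), which is why feature selection on a small slice needs checking against a larger labelled set, and the classifier's accuracy must be compared against the "all findings are false positives" baseline, because a heavily skewed scanner output makes raw accuracy look good for a model that simply suppresses everything.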