This paper introduces a method to defend against adversarial patch attack with a certified approach inspired by randomized smoothing. The reviewers all agreed the method was simple and provided good robustness, but there was disagreement on whether or not the proposal was sufficiently interesting or just constituted a bag of tricks. I agree with the reviewers that the idea is not technically deep, but the results are strong and a simple approach that achieves strong results is worth publishing. The ideas in this paper should apply to other areas as well.