Solutions

Fixers: Revolutionizing how security bugs are handled

OpenRefactory offers fixers that automatically analyze source code for security defects and create fix reports with patches. The patches can be applied automatically. Alternatively, developers can review and approve the patches; then the patches are applied to the source code.

Benefits of using OpenRefactory tools:

1. Saves time and money spent on chasing bugs
2. Helps produce better code with higher safety, security, and reliability standards
3. Produces code compliant with secure coding standards (MISRA, CERT, etc.)
4. Suggests trustworthy fixes that do not break the syntax and the semantics of code
5. Learns coding conventions and follows them, so the patches can be applied with minimal review

Products

August 2017: OpenRefactory/C Beta release. Sign Up and/or Log In to try the safety, security and compliance fixers.

C, which continues to be widely used, presents a particular challenge in terms of security. It is a double-edged sword: it offers tremendous capability, even for the less-experienced developer, but at the same time it is very easy in C to make mistakes that are very subtle—and are thus hard to detect and hard to fix.

OpenRefactory/C provides tools so C developers can produce clean and secure code faster.

Comprehensive bug repair

Fixing the most important security problems faced by developers:

1. Buffer overflow,
2. Integer overflow/underflow,
3. Integer signedness and widthness,
4. Memory corruption,
5. Memory leaks, and
6. Concurrency bugs (future).

Security standard compliance

Applications developed in C, especially by developers of medical devices and automobile automation tools, have to be written extra-carefully because of the sensitive nature of use. There are many secure coding standards that are available, e.g., CERT secure coding guidelines and MISRA C standards. We have tools for evaluating code according to security guidelines and provide patches to bring code into compliance.

Refactoring

Tools for correctly performing 12 refactorings, e.g., Rename, Extract Function, Extract Local Variable, Move Function, Change Function Signature, etc. C refactoring tools available in IDEs, such as Eclipse, Visual Studio, CLion, and Xcode, are not reliable: (1) they offer simple refactorings, and (2) the refactoring breaks syntactic integrity (code does not compile) as well as semantic integrity (code has different behavior). Our tools refactor code correctly, and we guarantee it.

Who needs OpenRefactory/C?

1. Embedded systems and IoT developers
2. Box and device developers working on low-level kernel code and device drivers
3. Medical device developers
4. Smart car developers
5. Government agencies with critical infrastructure

OpenRefactory/Java will be released in 2018.

Java is the most popular programming language in the world. It is more secure than C by design, yet several security and reliability problems still trouble developers.

OpenRefactory/Java provides tools so Java developers can produce clean and secure code faster.

Comprehensive bug repair

Fixing the most important security problems faced by developers:

1. Null pointer exception,
2. SQL injection,
3. Integer handling issues,
4. Resource leaks,
5. Weak cryptography, and
6. Concurrency bugs.

Security standard compliance

Security-critical Java applications have to follow secure coding standards, such as the CERT secure Java coding standard. We have tools for evaluating code according to security guidelines and provide patches to bring code into compliance.

API update

Tools for updating code to match the security API in an updated Java version. Java 7 introduced better API methods for handling concurrency. Java 7, 8, and 9 introduced better API methods for cryptographic operations. Our tools automatically update code to use newly introduced API functions.

Who needs OpenRefactory/Java?

1. Enterprise Java developers
2. Database application developers
3. Web Service developers

OpenRefactory/Android will be released in 2018.

Android applications that are written in Java may have their own class of security problems.

OpenRefactory/Android provides tools so Android developers can produce clean and secure code faster.

Comprehensive bug repair

Fixing the most important security problems faced by developers:

1. Data storage security,
2. Configuration file issues,
3. Network resource security,
4. Intent verification,
5. Weak cryptography, and
6. Concurrency bugs.

Security standard compliance

CERT is in the process of preparing a secure coding standard for Android application developers. Google also suggests some best practices for Android developers. We have tools for evaluating code according to security guidelines and provide patches to bring code into compliance.

API update

The Android API evolves rapidly: new secure API methods are introduced that replace old (and sometimes deprecated) methods. An example is the updated API methods for cryptographic operations. Our tools automatically update code to use newly introduced API functions.

Who needs OpenRefactory/Android?

1. Large companies with Android apps
2. Android-based game development companies
3. Transactional application developers

What sets OpenRefactory apart from other companies in the security bug space?

Other companies in the security bug space only detect security bugs. Even these reports contain a lot of false positives. Our tools fix bugs because that is the ultimate goal. The capabilities provided by our tools cover the tasks on which developers spend about 20% of their time. Developers use our tools while they are writing code, unlike bug detection tools that run in the post-commit phase.

What is the current availability of OpenRefactory?

At the present time, we are soliciting companies for a product trial lasting two months. Companies that want to use our product beyond the trial period will be required to enter into a partnership agreement with us.