About OpenRefactory

 

Security bugs, when exploited, are extremely costly. There are expenses for damage control, the expedited effort to deliver the remedies, and the restoring of a tarnished reputation. 

Bugs are created at a faster pace than developers can deal with them. They outsmart even the best of software teams. Even if developers use existing automated tools to detect bugs, they still have to fix them manually. 

But dream a little: What if the developers didn’t have to get bogged down with bug fixes? What if they had access to a cache of automated fixers that not only detected bugs but also fixed them? How much of a productivity increase would you see? How much money would you save? 

That’s where OpenRefactory comes in.

Our fixers are the only service on the market that deals with safety, security, reliability, and compliance bugs in a fully automated, end-to-end manner.

Developers already work hard. OpenRefactory’s fixers help them work more efficiently and produce better code, reducing the probability that the next security exploit will occur.

Solutions

 

Fixers: Revolutionizing how security bugs are handled

OpenRefactory offers fixers that automatically analyze source code for security defects and create fix reports with patches. The patches can be applied automatically. Alternatively, developers can review and approve the patches; then the patches are applied to the source code.

Benefits of using OpenRefactory tools:

1. Saves time and money spent on chasing bugs
2. Helps produce better code with higher safety, security, and reliability standards
3. Produces code compliant with secure coding standards (MISRA, CERT, etc.)
4. Suggests trustworthy fixes that do not break the syntax and the semantics of code
5. Learns coding conventions and follows them, so the patches can be applied with minimal review.

 

Products

August 2017: OpenRefactory/C Beta release. Sign Up and/or Log In to try the safety, security and compliance fixers.

C, which continues to be widely used, presents a particular challenge in terms of security. It is a double-edged sword: it offers tremendous capability, even for the less-experienced developer, but at the same time it is very easy in C to make mistakes that are very subtle—and are thus hard to detect and hard to fix.

OpenRefactory/C provides tools so C developers can produce clean and secure code faster.

Comprehensive bug repair

Fixing the most important security problems faced by developers:

1. Buffer overflow,
2. Integer overflow/underflow,
3. Integer signedness and widthness,
4. Memory corruption,
5. Memory leaks, and
6. Concurrency bugs (future).

Security standard compliance

Applications developed in C, especially by developers of medical devices and automobile automation tools, have to be written extra-carefully because of the sensitive nature of their use. Many secure coding standards are available, e.g., the CERT secure coding guidelines and the MISRA C standards. We have tools for evaluating code according to security guidelines and provide patches to bring code into compliance.

Refactoring

Tools for correctly performing 12 refactorings, e.g., Rename, Extract Function, Extract Local Variable, Move Function, Change Function Signature, etc. C refactoring tools available in IDEs, such as Eclipse, Visual Studio, CLion, and Xcode, are not reliable: (1) they offer simple refactorings, and (2) their refactorings break syntactic integrity (the code does not compile) as well as semantic integrity (the code behaves differently). Our tools refactor code correctly; we guarantee it.

Who needs OpenRefactory/C?

1. Embedded systems and IoT developers
2. Box and device developers working on low-level kernel code and device drivers
3. Medical device developers
4. Smart car developers
5. Government agencies with critical infrastructure

OpenRefactory/Java will be released in 2018.

Java is the most popular programming language in the world. It is more secure than C by design, yet several security and reliability problems still plague developers.

OpenRefactory/Java provides tools so Java developers can produce clean and secure code faster.

Comprehensive bug repair

Fixing the most important security problems faced by developers:

1. Null pointer exception,
2. SQL injection,
3. Integer handling issues,
4. Resource leaks,
5. Weak cryptography, and
6. Concurrency bugs.

Security standard compliance

Security-critical Java applications have to follow secure coding standards, such as the CERT secure Java coding standard. We have tools for evaluating code according to security guidelines and provide patches to bring code into compliance.

API update

Tools for updating code to match the security API in an updated Java version. Java 7 introduced better API methods for handling concurrency. Java 7, 8, and 9 introduced better API methods for cryptographic operations. Our tools automatically update code to use newly introduced API functions.

Who needs OpenRefactory/Java?

1. Enterprise Java developers
2. Database application developers
3. Web Service developers

OpenRefactory/Android will be released in 2018.

Android applications that are written in Java may have their own class of security problems.

OpenRefactory/Android provides tools so Android developers can produce clean and secure code faster.

Comprehensive bug repair

Fixing the most important security problems faced by developers:

1. Data storage security,
2. Configuration file issues,
3. Network resource security,
4. Intent verification,
5. Weak cryptography, and
6. Concurrency bugs.

Security standard compliance

CERT is in the process of preparing a secure coding standard for Android application developers. Google also suggests some best practices for Android developers. We have tools for evaluating code according to security guidelines and provide patches to bring code into compliance.

API update

The Android API evolves rapidly: new secure API methods are introduced that replace old (and sometimes deprecated) methods. An example is the updated API methods for cryptographic operations. Our tools automatically update code to use newly introduced API functions.

Who needs OpenRefactory/Android?

1. Large companies with Android apps
2. Android-based game development companies
3. Transactional application developers

What sets OpenRefactory apart from other companies in the security bug space?

 

Other companies in the security bug space only detect security bugs. Even these reports contain a lot of false positives. Our tools fix bugs because that is the ultimate goal. The capabilities provided by our tools cover the tasks on which developers spend about 20% of their time. Developers use our tools while they are writing code, unlike bug detection tools that run in the post-commit phase.

 

What is the current availability of OpenRefactory?

 

At the present time, we are soliciting companies for a product trial lasting two months. Companies that want to use our product beyond the trial period will be required to enter into a partnership agreement with us.

Team

Munawar Hafiz

Co-founder & CEO

Munawar Hafiz has over fifteen years of research experience in program analysis and transformation technologies. He has worked in academia as an Assistant Professor at Auburn University and in industry as a Senior Software Engineer at Coverity. His work was supported by several awards from NSF, Google, Mozilla, etc. His students have won several best paper awards at top ACM and IEEE conferences and won several student research competition awards, including the ACM student research competition grand finals in 2013, which was awarded at the Turing Award ceremony. His team at Coverity released the first commercial security vulnerability detection tool for JavaScript and Android. Dr. Hafiz received his Ph.D. and MS in computer science from UIUC and his B.Sc. Engg. degree in computer science and engineering from BUET.

Moe Rubenzahl

VP Marketing

Moe Rubenzahl is a marketing strategy consultant in Silicon Valley, with over 30 years of deep marketing experience covering strategy, brand and messaging, personas, demand gen, marketing communications, and Internet marketing (including search and content marketing). He provided marketing strategy for over 50 clients worldwide in the past five years. He was Executive Director of Internet Marketing for Maxim Integrated, a $2.5B semiconductor manufacturer. Before that, he was the Marketing Director for Videonics, a consumer electronics startup that made video editing gear for videographers, which he saw through its public offering. He began his career at Hewlett-Packard in design engineering and product marketing roles.

Charlie Bedard

Co-founder & Chief Business Officer

Charlie Bedard is a veteran of over 35 years in Silicon Valley. He has worked for both large corporations and entrepreneurial startups. Among the large corporations, Charlie was System Architect and Senior Manager at BNR Inc., the R&D arm of Nortel; Senior Manager, Macintosh Operating Systems at Apple; and a Director of Software Engineering at Cisco Systems. As an entrepreneur, Charlie co-founded Starlight Networks, an industry pioneer in streaming video. Charlie was also VP of Engineering at Onlive! Technologies, which pioneered social and collaborative networking using VoIP technologies. Most recently, Charlie was a founding member of Inventergy Inc., now a publicly traded firm on NASDAQ, and Impact Engineered Wood, a manufacturing company with an exciting new building material; the company is still operational.

Benjamin Madany

Co-founder & Lead S/W Engineer

Benjamin Madany is the Software Engineering Lead of OpenRefactory, Inc. He has spent time working on research at EMC and as an engineer for LenovoEMC. He graduated with a B.S. in computer science from Boston College. He commands deep knowledge on the technical challenges of developing compilers and static analysis tools.

Howard Bailey

Chief Financial Officer

Howard Bailey has been a financial expert in Silicon Valley for over 35 years. He began as a comptroller with Intel and grew into Chief Financial Officer positions at a number of valley startups. He has been a CFO and/or a board member for over 30 years. His experience includes multiple public offerings and many other types of capital raises. He has much experience with taking companies public and selling them, one as recently as November 2017.

Jeffrey Ullman

Dr. Jeffrey Ullman is the Stanford W. Ascherman Professor of Computer Science (Emeritus). His books on databases, theory of computation, and compilers are standard bearers in these fields. His interests include database theory, database integration, data mining, and education using the information infrastructure. He became a Fellow of the ACM in 1995 and received the Knuth Prize in 2000. Dr. Ullman was the co-recipient of the IEEE John von Neumann Medal in 2010. He received his Ph.D. from Princeton University.

Robert Bowdidge

Robert Bowdidge is a software tools developer interested both in how programmers work and in how to build tools to help programmers become more productive. Robert’s focus has been on tools for code understanding and manipulation. He implemented early user interfaces for refactoring tools while in graduate school, implemented refactoring support in Apple’s Xcode IDE, and completed a million-line refactoring cleanup while at Google. Robert has also developed bug finding tools, performance analysis tools, and compilers. Robert received his Ph.D. in Computer Science from the University of California, San Diego, in 1995, and his B.A. in Computer Science from the University of California, Berkeley, in 1989. Robert is currently building tools at Fungible, working on a platform for data centers.

Mushfique Manzoor

Mushfique Manzoor is an experienced, results-driven business professional with over 17 years of experience in marketing and business development across multiple industries and verticals, including Telecom, Food & Grocery Retail, Logistics, and Fast-moving Consumer Goods (FMCG). He obtained his MBA and BBA from the Institute of Business Administration, University of Dhaka, Bangladesh, and has worked in Singapore, Vietnam, Nepal, and Bangladesh.

Latif Nathani

Latif Nathani has spent 26 years as a student of technology and leadership. During this journey, he has gone from being a TCP/IP engineer to leading startup/global functional roles to subsidiary GM leadership. These experiences are spread across emerging and developed markets and engineering and business teams. He is a business builder, digital enthusiast and passionate storyteller. As the Vice President and Managing Director of eBay India, he was in charge of the eBay India merger with Flipkart. He has squeezed clarity from chaos, painted visions and inspired/coached great teams.

Careers

(SENIOR) SOFTWARE ENGINEER

Bay Area, CA

We are looking for developers who are passionate about compilers, static analysis, and machine learning to join our team.

Minimum Qualifications:

  • BS degree in Computer Science, MS for senior position.
  • Software development experience in one or more general purpose programming languages.
  • Experience with Java, C, Python.
  • Experience with Search Based Software Engineering and relevant Machine Learning Techniques.

Preferred Qualifications: 

  • 3 years of full time experience (can be substituted by documented open source development experience).
  • Previous experience in compiler technologies, especially parsing and static analysis.
  • Knowledge of Makefiles and build systems.
  • Experience working with Unix/Linux environments and developing large software systems.

 

Send your resume to info@openrefactory.com