About OpenRefactory

 

Security bugs, when exploited, are extremely costly. There are expenses for damage control, for the expedited effort to deliver remedies, and for restoring a tarnished reputation.

Bugs are created at a faster pace than developers can deal with them. They outsmart even the best of software teams. Even if developers use existing automated tools to detect bugs, they still have to fix them manually. 

But dream a little: What if the developers didn’t have to get bogged down with bug fixes? What if they had access to a cache of automated fixers that not only detected bugs but also fixed them? How much of a productivity increase would you see? How much money would you save? 

That’s where OpenRefactory comes in.

Our fixers are the only service in the market that deals with safety, security, reliability, and compliance bugs, fully automated in an end-to-end manner.

Developers already work hard. OpenRefactory’s fixers help them work more efficiently and produce better code, thereby reducing the probability that the next security exploit will occur.

Solutions

 

Fixers: Revolutionizing how security bugs are handled

OpenRefactory offers fixers that automatically analyze source code for security defects and create fix reports with patches. The patches can be applied automatically. Alternatively, developers can review and approve the patches; then the patches are applied to the source code.

Benefits of using OpenRefactory tools:

1. Saves time and money spent on chasing bugs
2. Helps produce better code with higher safety, security, and reliability standards
3. Produces code compliant with secure coding standards (MISRA, CERT, etc.)
4. Suggests trustworthy fixes that do not break the syntax and the semantics of code
5. Learns coding conventions and follows them, so the patches can be applied with minimal review.

 

Products

August 2017: OpenRefactory/C Beta release. Sign Up and/or Log In to try the safety, security and compliance fixers.

C, which continues to be widely used, presents a particular challenge in terms of security. It is a double-edged sword: it offers tremendous capability, even for the less-experienced developer, but at the same time it is very easy in C to make mistakes that are very subtle—and are thus hard to detect and hard to fix.

OpenRefactory/C provides tools so C developers can produce clean and secure code faster.

Comprehensive bug repair

Fixing the most important security problems faced by developers.

1. Buffer overflow,
2. Integer overflow/underflow,
3. Integer signedness and widthness,
4. Memory corruption,
5. Memory leaks, and
6. Concurrency bugs (future).

Security standard compliance

Applications developed in C, especially by developers of medical devices and automobile automation tools, have to be written extra-carefully because of the sensitive nature of use. There are many secure coding standards that are available, e.g., CERT secure coding guidelines and MISRA C standards. We have tools for evaluating code according to security guidelines and provide patches to bring code into compliance.

Refactoring

Tools for correctly performing 12 refactorings, e.g., Rename, Extract Function, Extract Local Variable, Move Function, Change Function Signature, etc. C refactoring tools available in IDEs, such as Eclipse, Visual Studio, CLion, and Xcode, are not reliable: (1) they offer simple refactorings, and (2) the refactoring breaks syntactic integrity (code does not compile) as well as semantic integrity (code has different behavior). Our tools refactor code correctly; we guarantee it.

Who needs OpenRefactory/C?

1. Embedded systems and IoT developers
2. Box and device developers working on low-level kernel code and device drivers
3. Medical device developers
4. Smart car developers
5. Government agencies with critical infrastructure

OpenRefactory/Java will be released in 2018.

Java is the most popular programming language in the world. It is more secure than C by design, yet there are several security and reliability problems that plague developers.

OpenRefactory/Java provides tools so Java developers can produce clean and secure code faster.

Comprehensive bug repair

Fixing the most important security problems faced by developers.

1. Null pointer exception,
2. SQL injection,
3. Integer handling issues,
4. Resource leaks,
5. Weak cryptography, and
6. Concurrency bugs.

Security standard compliance

Security-critical Java applications have to follow secure coding standards, such as the CERT secure Java coding standard. We have tools for evaluating code according to security guidelines and provide patches to bring code into compliance.

API update

Tools for updating code to match the security API in an updated Java version. Java 7 introduced better API methods for handling concurrency. Java 7, 8, and 9 introduced better API methods for cryptographic operations. Our tools automatically update code to use newly introduced API functions.

Who needs OpenRefactory/Java?

1. Enterprise Java developers
2. Database application developers
3. Web Service developers

OpenRefactory/Android will be released in 2018.

Android applications that are written in Java may have their own class of security problems.

OpenRefactory/Android provides tools so Android developers can produce clean and secure code faster.

Comprehensive bug repair

Fixing the most important security problems faced by developers.

1. Data storage security,
2. Configuration file issues,
3. Network resource security,
4. Intent verification,
5. Weak cryptography, and
6. Concurrency bugs.

Security standard compliance

CERT is in the process of preparing a secure coding standard for Android application developers. Google also suggests some best practices for Android developers. We have tools for evaluating code according to security guidelines and provide patches to bring code into compliance.

API update

The Android API evolves rapidly: new secure API methods are introduced that replace old (and sometimes deprecated) methods. An example is the updated API methods for cryptographic operations. Our tools automatically update code to use newly introduced API functions.

Who needs OpenRefactory/Android?

1. Large companies with Android apps
2. Android-based game development companies
3. Transactional application developers

What sets OpenRefactory apart from other companies in the security bug space?

 

Other companies in the security bug space only detect security bugs. Even then, their reports contain a lot of false positives. Our tools fix bugs because that is the ultimate goal. The capabilities provided by our tools cover the tasks on which developers spend about 20% of their time. Developers use our tools while they are writing code, unlike bug detection tools that run in the post-commit phase.

 

What is the current availability of OpenRefactory?

 

At the present time, we are soliciting companies for a product trial lasting two months. Companies that want to use our product beyond the trial period will be required to enter into a partnership agreement with us.

Team

Munawar Hafiz

Co-founder & CEO

Munawar Hafiz has over twelve years of research experience in program analysis and transformation technologies. He has worked in academia as an Assistant Professor at Auburn University, and in industry as a Senior Software Engineer at Coverity. His work was supported by several awards from NSF, Google, Mozilla, etc. Dr. Hafiz received his Ph.D. and MS in computer science from UIUC and his B.Sc. Engg. degree in computer science and engineering from BUET.

Benjamin Madany

Co-founder & S/W Engineer

Benjamin Madany is the Software Engineering Lead of OpenRefactory, Inc. He has spent time working on research at EMC and as an engineer for LenovoEMC. He graduated with a B.S. in computer science from Boston College. He commands deep knowledge of the technical challenges of developing compilers and static analysis tools.

Chhavi Sharma

Business Development Executive

Chhavi Sharma has over 3 years of experience encompassing business development, advisory, sales and client servicing. She is a Level III Chartered Financial Analyst (CFA). She also has an MBA from the Institute for Financial Management and Research (IFMR) from Delhi University. Her skill with numbers is backed up by an undergraduate degree in Mathematics from Delhi University. She is a go-getter; she believes your passion guides you to your success.

Robert Bowdidge

Robert Bowdidge is a software tools developer interested both in how programmers work and in how to build tools to help programmers become more productive. Robert’s focus has been on tools for code understanding and manipulation. He implemented early user interfaces for refactoring tools while in graduate school, implemented refactoring support in Apple’s Xcode IDE, and completed a million-line refactoring cleanup while at Google. Robert has also developed bug finding tools, performance analysis tools, and compilers. Robert received his Ph.D. in Computer Science from the University of California, San Diego, in 1995, and his B.A. in Computer Science from the University of California, Berkeley, in 1989. Robert is currently building tools at a stealthy startup.

Charlie Bedard

Charlie Bedard is a veteran of over 35 years in Silicon Valley. He has worked for both large corporations and entrepreneurial startups. Among the large corporations, Charlie was System Architect and Senior Manager at BNR Inc., the R&D arm of Nortel; Senior Manager, Macintosh Operating Systems at Apple; and a Director of Software Engineering at Cisco Systems. As an entrepreneur, Charlie co-founded Starlight Networks, an industry pioneer in streaming video. Charlie was also VP of Engineering at Onlive! Technologies, which pioneered social and collaborative networking using VoIP technologies. Most recently, Charlie was a founding member of Inventergy Inc., now a publicly traded firm on NASDAQ, and Impact Engineered Wood, a manufacturing company with an exciting new building material.

Mushfique Manzoor

Mushfique Manzoor is an experienced, results-driven business professional with over 17 years of experience in marketing and business development across multiple industries and verticals, including Telecom, Food & Grocery Retail, Logistics and Fast-moving Consumer Goods (FMCG). He obtained his MBA and BBA from the Institute of Business Administration, University of Dhaka, Bangladesh and has worked in Singapore, Vietnam, Nepal and Bangladesh.

Careers

(SENIOR) SOFTWARE ENGINEER

Bay Area, CA

We are looking for developers who are passionate about compilers and static analysis to join our team.

Minimum Qualifications:

  • BS degree in Computer Science, MS for senior position.
  • Software development experience in one or more general-purpose programming languages.
  • Experience with Java, C, Python.

Preferred Qualifications: 

  • 3 years of full time experience (can be substituted by documented open source development experience).
  • Previous experience in compiler technologies, especially parsing and static analysis.
  • Knowledge of Makefiles and build systems.
  • Experience working with Unix/Linux environments and developing large software systems.

 

Send your resume to info@openrefactory.com