Authored by Md Shoaib Shahriar Ibrahim and Saadman Ahmed, security engineers at OpenRefactory. Edited by Charlie Bedard Overview In today’s fast-paced world of software development, security vulnerabilities are an ever-present risk. While patching a vulnerability addresses the immediate problem, understanding the root cause is critical to prevent future issues, improve code quality, and strengthen overall …
Authored by Munawar Hafiz, CEO at OpenRefactory and Piotr Karwasz, VP, Apache Logging Services, Apache Software Foundation. Edited by Charlie Bedard Most of our software is not ours. We depend on hundreds if not thousands of open source components. When there is a new CVE that is reported in any of the open source dependencies, …
Authored by Munawar Hafiz, CEO at OpenRefactory. Edited by Charlie Bedard … and a New Era of Intelligent Code Repair On May 15, 2025, the Rust programming language officially turns 10 years old. Over the past decade, Rust has gone from a bold experiment in systems programming to a foundational technology trusted by companies, open-source …
Authored by Tim Curley, Business Development at OpenRefactory. Edited by Charlie Bedard The Imperative of Continual Scanning and Maintenance Abstract Open-source software (OSS) repositories are the lifeblood of modern software development, powering 80%-90% of the digital infrastructure across industries. While the open-source model fosters collaboration and innovation, it also presents unique challenges, particularly regarding code …
Authored by Md Abdullahil Kafi, secure software engineer at OpenRefactory. Edited by Charlie Bedard Introduction Pickle vulnerabilities are so widespread that it has become common knowledge in the Python world similar to the buffer overflow vulnerability in the C world. Recently, our team found a deserialization issue (CWE 502: Deserialization of untrusted data) in …
Authored by Md Abdullahil Kafi, secure software engineer at OpenRefactory. Edited by Charlie Bedard The ‘F’ Frameworks Michael Winser of the Alpha-Omega project recently wrote a blog on the Three F framework for managing the risk coming from the open source dependencies. Here is a list of the key points made in that article. Open …
Securing Software Supply Chains With The Six ‘F’ Strategies Read More »
