Munawar Hafiz, CEO of OpenRefactory, writes this blog post. ChatGPT’s bug finding capability is limited to small code snippets, less than a hundred lines of code. When it finds bugs correctly, its explanation of the bug is better than all other static analysis tools in the market. ChatGPT makes mistakes in detecting bugs and suggesting …
It’s easy to overlook the occasional software bugs and glitches, but some of the most negligible software errors could result in substantial financial costs if left unfixed. Case in point, a software bug in self-driving cars made them automatically brake after falsely detecting emergencies. This caused close to 12,000 units to get recalled in 2021 …
The story of iCR finding the nastiest injection bugs Munawar Hafiz, CEO of OpenRefactory writes this blog post. I was scheduled to give a talk at JavaOne on Intelligent Code Repair (iCR) being able to find the LDAP injection vulnerability aka Log4Shell in the vulnerable Log4J code. I have given a short version of that …
The vulnerabilities are coming!
The vulnerabilities are coming! Read More »
Blog entry written by Dr. Munawar Hafiz, CEO of OpenRefactory Inc. This is a long and winding story with a set of lessons in the end. There is a TL;DR in the end for the restless, but the others are encouraged to follow along. OpenRefactory is in conversations with the alpha-omega project of OpenSSF on an ambitious project …
How to serve open source software maintainers without annoying them Read More »
**Image courtesy of Cyber Kendra) Open source libraries lay the foundations for modern applications. Polluting the libraries opens up opportunities to create security backdoors at a massive scale. There have been several recent incidents to pollute open source repositories. Here is a story from last week. On May 2022, a Reddit user posted that he …
iCR detects the latest PyPI repository poisoning attempt Read More »
When I was a kid, I found it fun to create “art” using a Paint by Numbers kit. Maybe you also played with it as well. Paint by numbers was a way to take a person with minimal skill (that would be me) and have them follow some basic steps to “create” a recognizable painting. …
Hi. My name is Charlie and I am an Engineer. I have been an Engineer all of my life. I have written thousands of lines of code in dozens of languages, some of which you have never heard of. I have worked with and managed teams of engineers from around the world. Some were just …
Sometimes simple errors may bubble up and produce something big. A classic example of this is rounding off with floor() or ceil() methods in an arithmetic operation too early. In that case the off-by-one error propagates and may lead to a significant deviation. While preparing this year’s tax return a few days ago (I am …
Ashish Kakran of Thomvest ventures writes about the emerging DevOps trends in a recent article published in the DevOps blog space. https://devops.com/devops-trends-to-watch-in-2021/ Ashish identifies several emerging trends in DevOps practices. We, at OpenRefactory, follow the commentaries from the thought leaders and gauge how our Intelligent Code Repair (iCR) solves the …
KeePass is a free, open source, light-weight and easy-to-use password manager that allows users to manage their passwords across multiple accounts and applications in a secure way. It supports a password database that is locked with a single master key. KeePassDroid is a port of this password manager for Android. It is a popular password …
