Security bugs, when exploited, are extremely costly and painful. Unfortunately, bugs are created faster than developers can deal with them. Kaspersky reported in a recent survey of 5,500 companies across 26 countries that 90% of the companies admitted to having had a security incident, and that the average cost of each incident is over $550,000.
Ever since software security became a concern, developers have addressed it manually. Automated tools are available to detect bugs, but they only assist developers, who then have to triage and fix the detected bugs themselves. OpenRefactory challenges this with a simple idea: “What if there were tools that not only detected bugs but also fixed them automatically?” It offers Intelligent Code Repair (iCR), which automatically fixes safety, security, reliability, and compliance bugs during software development. In this way, it changes how software companies approach secure software development.
OpenRefactory currently provides Intelligent Code Repair (iCR) service for both Java and C. Java is a dominant language in the industry for Enterprise Software development and C remains heavily used for infrastructure, embedded systems and the emerging Internet of Things (IoT). Other languages will be offered in the future.
Clients can request a periodic check of their code which we refer to as an Audit. Once the Audit results demonstrate the value of regular iCR processing, the service can be integrated with the build system and the client’s source code repository as a SaaS service. This way, you will always have an automated intelligent ‘eyeball’ to look into every line of code that has been introduced and fix problems when they arise.
OpenRefactory tools save costs by fixing bugs faster and earlier. These tools save over 11% of each developer’s time (approximately $15,000 per developer per year), the time that would otherwise be spent fixing bugs manually. By fixing bugs earlier in the development process, OpenRefactory avoids the roughly 10x higher cost of fixing bugs close to product release, and the more than 100x higher cost of fixing them after product release. The tools also reduce the dependence of software development companies on ‘hard-to-find’ security experts.
Of course. For users of the C service, we have created a ‘Testing Ground’ (https://samate.openrefactory.com) for you or your developers to try out the service and to see how it automatically detects and corrects problems. The ‘Testing Ground’ offers access to sample C programs from the NIST SAMATE (Software Assurance Metrics And Tool Evaluation) database, which is used to benchmark code analysis tools. Since the ‘Testing Ground’ runs on a working OpenRefactory server, you will need to contact us first to obtain credentials to use it.
For Java users, we offer an easy-to-set-up ‘Express Audit’ that scans your code for a subset of the potential problems iCR can detect, so you can quickly see how our Java code repair service can make your code more reliable.
The research behind the iCR service has been backed by over $1.5M in support from the National Science Foundation (NSF), the Department of Energy (DoE), Google, and Microsoft. The OpenRefactory team brings together over fifty years of development and management experience in delivering developer tools. Co-founder Dr. Munawar Hafiz has over twelve years of experience in developing Intelligent Code Repair tools for C, Java, PHP, Fortran, and Go in academia. The last tool developed by Dr. Hafiz and his students, Go Doctor, was the first refactoring engine for the Go language; it was developed for and delivered to Google.