Asked Questions

Learn more about intelligent Code Repair (iCR)

Security bugs, when exploited, are extremely costly and painful. Unfortunately, bugs are created at a faster pace than developers can deal with them. Kaspersky reported in a recent survey on 5,500 companies across 26 countries all over the world that 90% of the companies admitted to having a security incident and that the average cost of each failure is over $550,000.

Ever since software security became important, developers addressed security concerns in software manually. Automated tools are available to detect bugs, but they only assist developers who then have to triage and fix the detected bugs. OpenRefactory challenges this with a simple idea: “What if there were tools that not only detected bugs but also fixed them automatically?” It offers Intelligent Code Repair (iCR) that automatically fixes safety, security, reliability, and compliance bugs during software development. In this way, it disrupts how software companies approach secure software development.

OpenRefactory currently provides Intelligent Code Repair (iCR) service for both Java and C. Java is a dominant language in the industry for Enterprise Software development and C remains heavily used for infrastructure, embedded systems and the emerging Internet of Things (IoT). Other languages will be offered in the future.

iCR for Java service is offered in two forms.

The fastest way to use the service is via the cloud. An instance of iCR for Java is created when you select the product from a cloud provider like AWS Marketplace. You interact using your browser. You use one of the popular cloud-based repositories, like GitHub, GitLab or BitBucket, to tell iCR for Java what project you want analyzed. Then click it and go. You pay only for the time you are using the service.

For clients who want to run an analysis on a private platform, or who want the service to be available all of the time, you can subscribe to our Private Platform package where the software is installed on a private Linux server.

Learn more about both of these services and our Introductory Offers here.

OpenRefactory tools save costs by fixing bugs faster and earlier. These tools save over 11% of a developer’s time, for each developer (approximately $15,000 per developer per year); this is the time spent otherwise fixing the bugs manually. By fixing bugs earlier in the development process, OpenRefactory reduces the bug fixing cost by 10x when bugs have to be fixed close to product release, and more than 100x if bugs have to be fixed after product release. The tools also reduce the dependence of software development companies on ‘hard-to-find’ security experts.

Of course. For Java users, we offer a free trial service which allows you to easily discover how our iCR for Java service can make your code more reliable. Click here to learn about our iCR for Java introductory offers. 

For users of the C service, we have created a ‘Testing Ground’ for you or your developers to try out the service and to see how it automatically detects and corrects problems. The ‘Testing Ground’ offers access to sample C programs from the NIST SAMATE (Software Assurance Metrics And Tool Evaluation) database used to benchmark code analysis services. To learn more about our service for C, please contact us at

The research behind the iCR service has been backed by over $1.5M in support from the National Science Foundation (NSF), the Department of Energy (DoE), Google, and Microsoft. The OpenRefactory team assembles over fifty years of development and management experience in delivering developer tools. Co-founder Dr. Munawar Hafiz has over twelve years of experience in developing Intelligent Code Repair tools for C, Java, PHP, Fortran, and Go in academia. The last tool developed by Dr. Hafiz and his students, Go Doctor, was the first refactoring engine for the Go language developed for and delivered to Google.