OpenRefactory, Inc.

The OpenSSF 2024 Annual Report is out! https://hubs.la/Q034JbJs0 This year was experimental for us (OpenRefactory, Inc.), as well as for Alpha Omega. We mainly took two approaches to combat the threats in open-source software. First, we focused on finding bugs at scale using static analysis (it works great, you just need the right tools). Secondly, we focused on three most popular and important open-source projects to find and fix their supply chain security. We're building "Project Clean Beach" on that idea, focusing on the most important part of your software-- the software you didn't write (eg. dependencies). Find more at https://lnkd.in/gzWcBSSX Munawar Hafiz Mushfique Manzoor Charlie Bedard

How good is DeepSeek in driving an AI agent? We tested DeepSeek with three other flagship LLM models to compare the capability to drive an agent that attempts to build an open source package from scratch. To our surprise, DeepSeek's MoE architecture did much better than the others. It was able to build 14 of the 15 packages under test. The next best was 11. https://lnkd.in/gFF2Szei #deepseek #openai #gemini #comparison #agenticai #llm

Our CEO, Dr. Munawar Hafiz is attending #FOSDEM this weekend. Let's meet to protect you from catastrophic risk of software failure.

Dr. Munawar Hafiz will be speaking on "Our SAST Tools have Failed Us" at The Elephant in AppSec Conference on 7th Nov 2024. Register at https://lnkd.in/gf3tCM6r #SAST #appsec #appsecurity #applicationsecurity #projectcleanbeach

ERA Infotech Limited, a leading IT services company developing business solutions and services for banks, non-bank financial institutions (NBFIs), corporations as well as the Government Sector, focusing on innovation, quality and scalability has selected OpenRefactory's Managed Security Audit Service to protect itself from catastrophic risks of software failure. Our gratitude to Muhammad Mabud and Tauhidul Hoque for having confidence on us! #iCR #ManagedSecurityAudit #security #appsecurity #appsec #sourcecodesecurity

OpenRefactory, is introducing Project Clean Beach at the #OWASPGlobalAppSec2024 in San Francisco this week. We are cleaning the vast compendium of Open Source libraries that everyone uses but which carry undetected and dangerous security flaws. We think of the public world of Open Source like a public beach that we all share but we also wish it were safe and clean. And we're cleaning it up with support from major players like Amazon, Microsoft and Google through their support of the Alpha-Omega (https://alpha-omega.dev/) project. At OpenRefactory's Booth S512 security professionals will be able to learn more about how to protect themselves from security attacks through Project Clean Beach. Visit us at Booth S512 for Project Clean Beach.

Michael Winser and Dr. Munawar Hafiz will be presenting Project Clean Beach today at the Open Source Summit Europe 2024

We are excited to partner with Jarek Potiuk and Michael Winser in this project. This keynote will be starting the Airflow Summit. It will be a blast! Apache Airflow

Test Driving SonarCloud on Kubernetes to understand the bugs it reports in Golang applications. https://lnkd.in/gm7WyNen * SonarCloud found 16,244 bugs with 16,244 false warnings/WONTFIX issues (100%). * Not a single serious bug is found. * SonarCloud missed one known high severity data race bug (https://lnkd.in/gVaxbNK2). * Triaging cost 2,707 hours ($351,910). * No improvement in quality. #sast #testdrive #sonarcloud #golang #opensource #sonarqube