PRO TALK (API): Good Code, Bad Code, and Vulnerable Code

API World -- PRO Stage 1

Munawar Hafiz
OpenRefactory, CEO

Munawar Hafiz is the founder and CEO of OpenRefactory, Inc., an application security company that intends to improve the way developers write secure, reliable and compliant code. Munawar's body of academic work on automated bug fixing lays the foundation for OpenRefactory. He champions pushing SAST bug detection tools toward better precision and introducing code rewriting capabilities to fix bugs automatically.

Coding is like gardening; it requires a good plan and good supplies but, most importantly, continuous nurture and maintenance. In this talk, we will concentrate on refactorings and program transformations that help nurture good code by removing code smells and vulnerabilities. Refactoring code is second nature, primarily for modern language developers. But why limit refactoring to making code maintainable and understandable? What if there were refactorings that go beyond behavior preservation and make code more secure, more reliable, and faster? That would require tools that rewrite code with surgical precision, such that the undesirable behavior of the code is fixed while the good-path behavior remains intact. Because they are integrated with the source code and the development process, refactorings and program transformations not only help maintain good code, but also teach developers how to write and appreciate good code.