Automatically Generating VEX Documents

Prepared by Charlie Bedard. OpenRefactory, in collaboration with Piotr P. Karwasz (VP ECMA Relations and Logging Services, ASF), introduces the first release of the VEX Generation Toolset, an open-source initiative developed by the Apache Software Foundation and OpenRefactory with funding from the Alpha-Omega Fund. The

OWASP Top 10 2025: What We Don’t See Shall Hurt Us

Authored by Munawar Hafiz, CEO at OpenRefactory. Edited by Charlie Bedard. TL;DR: OWASP 2025 shows that application security isn’t just about code anymore. Software Supply Chain Failures are now a top‑3 risk. Secure your dependencies, harden your pipelines, and treat your whole ecosystem as part of

How I Learned to Stop Worrying and Love the VEX

Authored by Piotr P. Karwasz, who is a PMC member of Apache Log4J and an external collaborator of OpenRefactory. Edited by Charlie Bedard. Introduction: A Vulnerability Exploitability eXchange (VEX) is a machine-readable file used to indicate whether vulnerabilities in an application’s third-party dependencies are actually

Finding the Root Cause of a CVE

Authored by Md Shoaib Shahriar Ibrahim and Saadman Ahmed, security engineers at OpenRefactory. Edited by Charlie Bedard. Overview: In today’s fast-paced world of software development, security vulnerabilities are an ever-present risk. While patching a vulnerability addresses the immediate problem, understanding the root cause is critical

To Update Or Not To Update? – A Case Study

Authored by Munawar Hafiz, CEO at OpenRefactory, and Piotr Karwasz, VP, Apache Logging Services, Apache Software Foundation. Edited by Charlie Bedard. Most of our software is not ours. We depend on hundreds if not thousands of open source components. When there is a new CVE
