Munawar Hafiz

       Software Engineer/Entrepreneur

       Founder & CEO

       OpenRefactory, Inc.

       Milpitas, CA

       Email: munawar_d0t_hafiz(at_symbol)gmail_d0t_(you_know)

[Link to OpenRefactory]        [Publications]      [CV/Resume]         [The lighter side]

I am the founder and CEO of OpenRefactory, Inc., focusing on building software tools to allow developers to automatically fix security problems. Currently, OpenRefactory is offering tools for C and Java (+ Android) developers.

I was a Senior Software Engineer at Coverity from 2015-2016 and an
Assistant Professor at the Department of Computer Science and Software Engineering at Auburn University from 2011-2015. I got my Ph.D. from University of Illinois at Urbana-Champaign in 2010.

My company is currently funded by an SBIR award from the National Science Foundation. My research was previously supported by awards from the National Science Foundation (NSF), Google, Mozilla, and Auburn University Startup Fund.

Two of my projects:

OpenRefactory/C and OpenRefactory/Java: Go to OpenRefactory company page.

Security Pattern Catalog
: The most comprehensive work on cataloging and organizing security patterns.


07/16 - OpenRefactory, Inc. receives NSF SBIR award.

05/16 - Two Papers at ICSE 2016. Winner of the Best Paper Award at ICSE 2016.

11/14 - ACM Distinguished Paper Award Nominee at FSE 2014.

09/14 -
Best Paper Award at ESEM 2014.

06/13 - Zack Coker from my Group wins
the ACM SRC Grand Finals 2013 in undergrad category. Earlier, he won the ACM SRC at SPLASH 2012.


Selected Publications

1. S. Hasan, Z. King, M. Hafiz, M. Sayagh, B. Adams and A. Hindle. Energy Profiles for Java Collection Classes. In Proceedings of the 38th International Conference of Software Engineering (ICSE 2016), Austin, TX, May 2016. [Best Paper Award]  [Acceptance Rate: 101/530 (19%)]

2. N. Sultana, J. Middleton, J, Overbey and M. Hafiz. Understanding and Fixing Multiple Language Interoperability Issues: The C/Fortran Case. In Proceedings of the 38th International Conference of Software Engineering (ICSE 2016), Austin, TX, May 2016. [Acceptance Rate: 101/530 (19%)]

3.  J. Overbey, F. Behrang and M. Hafiz. A Foundation for Refactoring C with Macros. In Proceedings of the 22nd ACM SIGSOFT International  Symposium on the Foundations of Software Engineering, FSE 2014, Hong Kong, Nov 2014. [Acceptance Rate: 61/273 (22%)]

4.  A. Bosu, J. Carver, M. Hafiz, P. Hilley and D. Janni. Identifying the Characteristics of Vulnerable Code Changes: An Empirical Study. In Proceedings of the 22nd ACM SIGSOFT International  Symposium on the Foundations of Software Engineering, FSE 2014, Hong Kong, Nov 2014. [Acceptance Rate: 61/273 (22%)]

5.  M. Fang and M. Hafiz. Discovering Buffer Overflow Vulnerabilities In The Wild: An Empirical Study. In Proceedings of the ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2014, Torino, Italy, September 2014. [Best Paper Award]

[Acceptance Rate: 23/123 (18.7%)]

6.  S. Gude, M. Hafiz and A. Wirfs-Brock. JavaScript: The Used Parts. In Proceedings of the IEEE Annual International Computers, Software & Applications Conference, COMPSAC 2014, Vasteras, Sweden, July 2014. [Acceptance Rate: 22%]

7.  A. Shaw, D. Doggett and M. Hafiz. Program Transformations to fix C Buffer Overflows. In Proceedings of the 44th Annual IEEE/IFIP Conference on Dependable Systems and Networks, DSN 2013, Atlanta, GA, June 2014. [Acceptance Rate: 56/242 (23.1%)]

8.  J. Overbey, R. Johnson and M. Hafiz. Differential Precondition Checking: A Language-Independent, Reusable Analysis for Refactoring Engines. To be published in Automated Software Engineering, 2014.

9.  M. Gligoric, F. Behrang, J. Overbey, M. Hafiz and D. Marinov. Systematic Testing of Refactoring Engines on Real Software Projects. In Proceedings of the European Conference on Object-Oriented Programming, ECOOP 2013, Montpellier, France, July 2013. [Acceptance Rate: 29/116 (25%)]

10.  Z. Coker and M. Hafiz. Program Transformations to Fix C Integers. In Proceedings of the 35th International Conference of Software Engineering (ICSE 2013), San Francisco, CA, May 2013. [Acceptance Rate: 85/461 (18.5%)]

11.  C. Liu, J. Yang, L. Tan and M. Hafiz. R2Fix: Automatically Generating Bug Fixes from Bug Reports. In Proceedings of the International Conference on Software Testing, Verification, and Validation, ICST 2013, Luxembourg, March 2013. [Acceptance Rate: 38/152 (25%)]

12. M. Hafiz, P. Adamczyk, and R. Johnson. Growing a Pattern Language (for Security). In OOPSLA12: Proceedings of the ACM International Conference on Object-oriented  Programming Systems Languages and Applications. Tucson, AZ. Oct, 2012. [Acceptance Rate: 11/43 (26%)]

13.  M. Hafiz, P. Adamczyk and R. Johnson. Systematically Eradicating Data Injection Attacks using Security-oriented Program Transformations. In ESSoS09: Symposium on Engineering Secure Software and Systems. Leuven, Belgium. Feb, 2009. [Acceptance Rate: 9/52 (17%)]

14.  M. Hafiz and R. Johnson. Evolution of the MTA Architecture: An Impact of Security. Software---Practice and Experience, 38(15):1569-1599, Dec 2008.


Complete list of Publications and Download Links



Resume and CV

Link to my CV.

Link to my one page Resume. (Not current)

Professional Activities

PC Member, COMPSAC 2012, SESS 2010-2012, ACM SE 2012

Member, Poster and SRC Committee, OOPSLA/SPLASH, 2011-2012, 2015, ICSE 2016.

Editorial Review Board, International Journal on Secure Software Engineering (IJSSE), 2009-2011.

Reviewer: IEEE Software, Software: Practice and Experience, Journal of Systems and Software, IEEE Transactions on Services Computing,

                   Computer and Security, LNCS Transactions on Pattern Languages of Programming (TPLoP), Communications of The ACM

Member, Hillside Group



The Lighter Side


In my past life, when I had some spare time, I used to be a photographer. You can find some of my exposures at my flickr page

My photography has been featured in The Mindful Eye, one of the premiere sites on photography. Here is a link to the photograph that was featured in a webcast. You can download the video from here (13MB, mov format).


I used to have a conventional blog, where I wrote about the non-serious aspects of my life. I don't maintain that anymore. It is instead a honeypot for all things spam... I am "seriously" considering to start a "serious" blog about my experiences in software engineering, security, or perhaps computer science in general; someday, I will start that. 


I am married to Farhana Ashraf. She got her Ph.D. from UIUC in 2013. She will be joining Google in 2014. 


More about my life. 


Last modified:  Jan 14, 2017