USA, California
Market: Internet and IT, Information and media, Computers, office equipment, Artificial Intelligence
Stage of the project: Operating business
Most of our code depends on thousands of open source libraries, but we take all the risks. OpenRefactory proactively finds "zero days" in your open source code at scale.
The current SAM for the bug detection market is $2B. This market primarily targets large enterprises and is estimated to be only one-sixth of the TAM. The remaining, underserved market consists of SMEs. OpenRefactory will target and dominate this underserved SME market.
Problem or Opportunity
Most of our code is not ours; it comes from thousands of open source dependencies, yet we absorb all the risk. This is addressed by the Software Composition Analysis (SCA) market, which is now about $300M and is growing at 20% CAGR.
But SCA only provides a reactive signal. The tools report a bug after the information is publicly available as a CVE. By the time the information is available, the damage has already been done.
Solution (product or service)
OpenRefactory’s Project Clean Beach (PCB) is based on a metaphor: open source packages are like public beaches, which are often messy, and an organization cares about its own section of the beach.
PCB is a SaaS that proactively finds and fixes previously undetected bugs in your supply chain at scale. Imagine finding the Log4Shell bug in 2013, instead of 2021, by proactively looking for it.
Competitors
The Static Application Security Testing (SAST) market is about 20 years old, with the leading providers selling detection-only services. Nobody else offers reliable code repair; it would require a complete redesign of their software to do so. Leading providers include Coverity (Synopsys), Fortify (Micro Focus), Veracode, AppScan (IBM, now HCL), along with Checkmarx, GrammaTech, Parasoft and others.
Advantages or differentiators
* Automated tools from competitors are available to detect bugs, but they only assist developers, who then have to triage and fix the detected bugs manually. This task is cumbersome and time consuming, partly because of the high number of false positives produced by detection-only services. iCR uses advanced deep analysis combined with machine intelligence and behavior-enhancing code refactoring to provide a service that not only detects bugs with very low false positives but also rewrites the code to correct the bug. Nobody else can do this.
* SMEs face high overhead when adopting current bug detection solutions because they are short on engineering resources. By providing fixes with very few false warnings, iCR solves the engineering overhead problem.
* iCR does not require an elaborate setup. You can get a cloud instance and start analysis in less than 10 minutes.
* The annual license fee charged by detection-only services requires a large up-front commitment. iCR on the cloud is available as a pay-as-you-go service.
Finance
iCR is available in two ways.
1. Cloud service: ($25 per Cloud Machine Hour or CMH)
2. On premise: Yearly license fee per deployment ($15,000 license fee)
2021 Revenue Estimate: $356K
Cloud Service:
* 130 micro teams (1-10 people), 7 CMH/month = $116K
* 30 small teams (<100 people), 30 CMH/month = $100K
* 10 medium teams (<250 people), 75 CMH/month = $100K
On Premise:
* 2 customers = $50K
Poised for explosive growth after the formative years
Growth will happen as OpenRefactory adds support for more languages (Python, JS), becomes available on more platforms (Google Cloud, Azure, etc.), and accumulates more success stories.
* 17M Java and Python developers estimated across 1M+ companies
* Reaching just 0.5% of those companies by 2023 (3 years) gives a revenue potential of $40M.
* Cloud deployment should allow us to achieve that and more.
Cost:
The main costs are R&D, product sales and support.
Planned break-even is in 3 years.
Business model
PCB is a SaaS. Clients provide the Software Bill of Materials (SBoM) that describes their beach. OpenRefactory provides an SLA to deliver information about the open source dependencies within a set time period. OpenRefactory delivers the signal both as an API feed and through a SaaS portal.
There is a yearly fee to be part of PCB, plus a fixed fee for each artifact cleaned by OpenRefactory.
Money will be spent on
Phase 1 – Establish Customer Base (3 months)
* Develop a web marketing plan to introduce the first wave of customers to the cloud service
* Establish a small number of enterprise early adopters
* Offer a free trial period to introduce new customers
* Resources: 8 FT employees + 3 contractors + task-specific contractors (accounting, collateral design, web design)
Phase 2 – Update Service (3 months)
* Incorporate customer feedback into updated releases of the service
* Enhance collateral material and website to begin broader customer outreach
* Resources: Current team plus 2 additional offshore engineers and 1 additional sales support person
Phase 3 – Broad Customer Outreach (9 months)
* Expand the web marketing program to pull in 300+ customers
* Develop iCR for Python
* Achieve an annualized revenue run rate of $900K+ by end of period
* Resources: Current team plus 7 additional offshore employees, 2 new domestic engineers and 2 additional sales support engineers
Offer for investor
Total Seeking: $1M
Valuation Expectations: $4.5M pre-money
Type of Financing: Convertible Note; 10% discount, 5% interest
* Because OpenRefactory is a new company, customers may be skeptical about allowing their source code to be scanned by iCR
* SME market needs a different price point
Incubation/Acceleration programs accomplishment
* Initially funded by a $225K award from the National Science Foundation (NSF) of the USA.
* Participated in the SBIR program organized by the National Science Foundation as part of the award.
* Created the fundamentals of the business model, networked to form the team, and worked on a prototype implementation.
Won the competition and other awards
* Background academic research funded by over $1.5M in awards from the National Science Foundation (NSF) of the USA, the Department of Energy (DoE) of the USA, Google, and Microsoft.
* The first academic research work on automatically fixing bugs with the OpenRefactory infrastructure won ACM's award for the best student research across all disciplines of computer science. The winner was selected through a year-long competition, and the award was presented at the Turing Award ceremony.
* Background work received two best paper awards and one best paper award nomination at top software engineering conferences.