New Offering from CAST Makes Business-Critical Software More Secure

CAST brings more than 25 years of excellence in software quality to help CIOs measure and maintain secure software with system-level analysis


New York – June 27, 2017 – CAST, a leader in software analysis and measurement, today announced CAST for Security, a new offering that leverages system-level analysis to strengthen the security of business-critical software. CAST for Security helps organizations optimize application design to protect sensitive data by preventing common software attacks and enforcing architectural constructs known to keep data secure.

Combining technology from the Application Intelligence Platform (AIP) and specific rules for static application security testing (SAST), CAST for Security flags security hot spots that are vulnerable to attack, ensures secure coding practices, eliminates false positives and trends security performance over time.

“Cyber risk and security challenges have moved beyond network-level issues to the application layer. To be successful in this new paradigm, CIOs must adopt a holistic, proactive and design-based approach to securing applications while not overwhelming development teams,” said Olivier Bonsignour, EVP of Product Development at CAST. “As organizations adopt DevOps and Agile methodologies for speed, CAST for Security opens a new line of cyber defense by inserting secure design practices from the beginning of the software development lifecycle, resulting in high-quality, secure apps that can still be delivered in a timely manner.”

Most security tools that analyze source code only look for intrusion vulnerabilities, like SQL injection and cross-site scripting. This approach still leaves business-critical data at risk. CAST for Security uses AIP’s system-level analysis to create an architectural blueprint for applications and immediately identify data call pathways that are vulnerable. This also enables teams to estimate the security debt of critical applications for a more complete picture of software risk.

“We see organizations coordinating security with quality initiatives increasingly overall and also as a part of DevSecOps initiatives; applying system-level code analysis to help secure applications during development is a key aspect,” said Melinda Ballou, Research Director, Agile ALM, Quality and Portfolio Strategies at IDC. “Providing contextualized software analysis to reduce noise and help eliminate false positives that distract from actual software vulnerabilities enable visibility and higher success for security and quality strategies.”

“As a recognized leader in analyzing system reliability and resilience in IT software, CAST has always had an established set of security findings,” added Lev Lesokhin, EVP of Strategy and Analytics at CAST. “Over the last two years, a significant part of our customer base has tapped CAST for our security capabilities because it’s much more comprehensive than what is available today. CAST for Security is now packaged and priced as a separate offer to make it easier for our customers to benefit from CAST’s expertise in application security.”

Learn more at

About CAST
CAST is the world leader in software analysis and measurement, with unique technology resulting from $150 million in R&D investment. CAST introduces fact-based transparency into application development and sourcing to transform it into a management discipline. More than 250 companies across all industry sectors and geographies rely on CAST to prevent business disruption while reducing hard IT costs and software risk. CAST is an integral part of software delivery and maintenance at the world's leading IT service providers. Founded in 1990, CAST is listed on Euronext (CAS) and serves IT intensive enterprises worldwide with offices in North America, Europe and India.

For more information about CAST: