CAST in the U.S

New York

321 W. 44th St., Suite 501
New-York, NY 10036
Phone: +1 212 871 8330
Fax: +1 212 759 3845

Washington D.C.

4075 Wilson Bd 8th fl
Arlington, VA 22203
Phone: +1 703 894 1350
Fax: +1 571 257 7453

CAST is the market leader in Software Intelligence, with unique technology backed by $150 million in software analysis and measurement R&D. CAST technology helps digital leaders and doers see the truth, become software geniuses and deliver super software - resilient, responsive, safe and secure software. Hundreds of companies rely on CAST to improve end-user satisfaction and time-to-market, prevent business disruption and reduce cost. Founded in 1990, CAST operates globally with offices in North America, Europe, India and China.

CAST and Software Heritage Partner to Create World’s Largest Provenance Index of Publicly Available and Open Source Code

Software Intelligence lends unprecedented insight into IP license risk.

New York and Paris – Feb. 19, 2019 – CAST, the leader in Software Intelligence, and Software Heritage, the universal archive of source code, today announced a key partnership to create a provenance index of the world’s largest open archive of software source code.

Leveraging a unique indexing technology developed through this partnership, users will be able to efficiently search the Software Heritage platform to identify the original occurrence of any given source file, as well as all its subsequent occurrences. This provides unprecedented insight into the evolution of software development.

When connected to CAST Highlight, this index will provide lightning-fast identification of third-party source code across more than five billion known source code files, enabling better detection of external code, license risks and vulnerabilities.

“The lack of Software Intelligence around open source versioning and licensing puts many companies in danger of losing valuable IP, as most executives are unaware of their risk exposure,” said Vincent Delaroche, Founder and CEO at CAST. “Business leaders should be aware when open source and other external components in code expose their organization to non-compliance, legal action and possible loss of proprietary IP.”

CAST’s partnership with Software Heritage comes on the heels of the company’s 2018 acquisition of Antelink, the Software Composition Analysis (SCA) company, and all its associated patents from the Inria research institute. These patents will be leveraged in the source code provenance index partnership.

Software Heritage is an established non-profit initiative to build the universal archive of software source code. It is sponsored by Microsoft, Intel, Google, GitHub, as well as leading corporations such as Société Générale, academia and the public sector. Already tracking more than 5.6 billion source files from more than 88 million projects, including Debian, GitHub, GitLab, Gitorious, GoogleCode, GNU, the Python Package Index and more, the Software Heritage archive has the unique ability to trace detailed revision history of all codebase versions its stores.

“Together with Software Heritage, we are creating the most comprehensive and automated solution for managing third-party license and security risk across the global software supply chain,” said Olivier Bonsignour, EVP of CAST R&D. “The resulting Software Intelligence generated from CAST’s unique and patented reverse-engineering technology will deliver real-time visibility into outdated or vulnerable components that need to be addressed as a priority for optimal operations and software security.”

Roberto Di Cosmo, Founder and CEO of Software Heritage, added: “We are thrilled to welcome CAST as a key partner, joining us in an endeavor to collect, structure and preserve the precious knowledge embedded in source code and make it broadly accessible. CAST shares our vision, and together we are building an efficient provenance index on the Software Heritage archive to deliver unprecedented insight into software design and pave the way for better software development.”

###

About CAST

CAST is the market leader in Software Intelligence, achieving for software what MRI has for medicine: unprecedented visibility. Backed by almost $200 million in R&D, CAST technology drives IT automation at the world’s largest systems integrators and generates insight into complex systems by scanning and understanding software structure, architecture and composition. Customers rely on CAST to make fact-based decisions, see their architectures, detect security threats and ensure the safety and soundness of business applications and software products. Learn more at www.castsoftware.com.

About the Software Heritage Foundation

Software Heritage was launched in 2016 by Inria, the French National Institute for Digital Sciences, with a mission to collect, preserve and make software source code accessible to both current and future generations. Software Heritage has partnered with Unesco and is sponsored by industry leaders, universities, and governmental bodies worldwide who all share the common vision: software source code is an important part of human heritage, and an essential mediator for access to all digital information. By building a universal and sustainable software source code archive, Software Heritage is creating an essential infrastructure for science, industry and society in general. Join the movement at www.softwareheritage.org.

About Inria

Inria, the French Research Institute for Digital Sciences, promotes scientific excellence and technology transfer to maximize its impact. It employs 2,400 people. Its 200 agile project teams, in cooperation with academic partners, involve more than 3,000 scientists in meeting the challenges of computer science and mathematics, often at the interface of other disciplines. Inria works with many companies and has assisted in the creation of over 160 startups. It strives to meet the challenges of the digital transformation of science, society and the economy. Discover more at www.inria.fr.

You can also:
Read the Software Intelligence Pulse: https://www.castsoftware.com/blog
Read the Software Heritage Blog: https://www.softwareheritage.org/blog

Follow CAST on Twitter: http://www.twitter.com/onquality
Follow Software Heritage on Twitter: http://www.twitter.com/swheritage

Contact:
For CAST: Britney Schaeffer, communications@castsoftware.com, +1 212-871-8361
For Inria: Laurence Goussu, Laurence.Goussu@inria.fr, +33 6 81 44 17 33

 

  • ×

    West Monroe Partners

    Our business consultants are driven by opportunities to contribute to your commercial success. We partner with you to help generate revenue, reduce costs and transform your thinking, operations, and capabilities. We are at our best when your objectives demand tightly managed efforts that make direct progress toward clear business purposes.

  • ×

    Global Data Strategy

    Global Data Strategy is an international information management consulting company specializing in the alignment of business drivers with data-centric technology. Our passion is data, and helping organizations enrich their business opportunities through data and information.

  • ×

    UST Global

    UST Global is a leading provider of end-to-end IT services and solutions for the Global 1000 market. It offers a client-centric fully integrated Engagement Model that provides the optimal mix of senior local resources with the cost, scale and quality advantages of offshore operations for each client.

  • ×

    Premios

    David Consulting Group is a leader in the area of software process performance analysis and measurement. DCG has created solutions designed to improve client competitiveness through improvements to the productivity, performance and quality of their software practices and IT delivery. At the core of our success is the ability to identify our clients business and technical objectives and to map their goals to a series of core metrics that quantitatively measure performance based on those goals and objectives.

    Antonio Timbol,
    610-644-2856 x28,
    t.timbol@davidconsultinggroup.com

    "DCG combines our knowledge based consulting with the CAST Software automated business intelligence platform, AIP, to bring unique knowledge based solutions to our customers. Learn more on how DCG can help you move towards evidence-based decision making to manage value-driven change."
    Antonio Timbol, Director of Marketing David Consulting Group.

Learn how federal agencies are using Software Analysis & Measurement solutions to reduce risks of critical systems, maximize IT program and system integrator performance. CAST Federal Solutions provides technology and services in the following areas:

IT Vendor Transparency

Federal IT Programs are challenged to provide unambiguous guidance to  system integrator partners as to the specific standards by which the delivered application products will be assessed.  Software analysis and measurement based on CISQ standards promotes common understanding for government and providers as to ongoing delivery reliability, security and quality of the systems.  This results in 50% lower likelihood of testing or deployment defects while reducing production risks and cost of rework.  
For examples of contracts, and SLA’s, please contact the CAST Federal Practice: castfed@castsoftware.com

Vulnerabilities in software that are introduced by mistake or poor practices are a serious problem today".  - Cyber Security: A Crisis of Prioritization, the President’s Information Technology Advisory Committee.

Software Assurance

Software that is designed with solid architectural design emphasizing reliability and resiliency is more difficult to penetrate. Poor design provides vulnerabilities that are infected and which are often replicated and propagated within a complex system. Performing late stage security audits and building firewalls is not enough—security must be designed and built into an application and then rigorously verified – multiple times within each and every release. CAST’s Software Assurance solution provides a systematic set of evaluations to support  conformance to requirements and standards around:

  • Trustworthiness - No exploitable vulnerabilities exist, either of malicious or unintentional origin
  • Predictable Execution - Justifiable confidence that software, when executed, functions as intended.
  • Reliability & Performance - Security is ultimately a component of overall quality risk. Applications that are slow or unstable are more easily breached. This is recognized by ISO, CISQ, and CWE.

Software Code Quality Checking (SCQC)

SCQC is an automated analysis of source code to ensure that the system should continue within development, demonstration, and test.  SCQC helps ensure that the application in development or sustainment can meet the stated performance, maintainability, and usability requirements within cost (program budget), schedule (program schedule), risk, and other system constraints. SCQC complements Developmental Test and Evaluation (DT&E) and Operational Test & Evaluation (OT&E) by identifying defects earlier in the system development lifecycle (SDLC).

Benchmarking

Effective benchmarking enables an organization to easily identify and prioritize opportunities—by process, vendor and cost driver—which, in turn, results in relevant improvement targets and stronger overall business case for the transformation effort.  CAST introduced the industry’s first software quality benchmarking capability in 2010. The service, (Appmarq,) gathers data from CAST analyses performed across global industry and public sector IT organizations and provides normalized data for CAST clients in support of external benchmarking. This work is being done at the program and enterprise levels in a number of organizations in industry and government.

Measuring IT Productivity

One of the most vexing problems in software engineering – in Industry or Federal sectors - is measuring the amount of progress made in developing or sustaining a software product.  The largest opportunity for improving quality and productivity during application development is in eliminating its largest sources of waste: defects and the rework they cause, 30-50% of the development effort is devoted to rework.   
CAST Application Intelligence Platform (AIP) is a powerful IT operational management platform that gives OCIO and Program executives the visibility and control to improve business productivity to reduce IT costs. CAST has the ability to quantify quality and progress, rather than just time spent. 

IT Portfolio Analysis

The stove-piped and complex nature of the Federal enterprise has led to a proliferation of duplicate and low priority investments in information technology.  In short, agencies’ portfolios have become cluttered with obsolete systems that no longer deliver full value to the citizen.  Fact-based approach to IT planning and budgeting, improves efficiency in the governance of application portfolio rationalization efforts, leading to optimized allocation of funding and resources. Align application investment decisions more effectively with organizational strategies and priorities through an effective dialogue between program managers and IT.

a failure to satisfy a non-functional requirement can be critical, even catastrophic…non-functional requirements are sometimes difficult to verify. We cannot write a test case to verify a system’s reliability… The ability to associate code to non-functional properties can be a powerful weapon in a software engineer’s arsenal.

Spinellis D. Code Quality

Federal Partnerships

CAST has successfully teamed with Boeing, CSC, Northrop Grumman, Accenture, Keane, Ingenium, Booz Allen, Lockheed, Raytheon & Sybase Corporation

Contract Vehicle

GSA Schedule (GS-35F-0649S)

CAST Section 508 Statement of Policy

Click here to get the latest version of our Section 508 Statement of Policy

Prior Performance

CAST prior performance in Federal contracts includes: