Knowing the difference between true positives and false positives for Application Security Testing.
Reduce False Positives in Application Security Testing
Take the Full Advantage of Cloud Cost Reduction with Containerization as a Service
Place the Application Landscape at the Core of your Cloud Adoption Strategy
On June 9th, CAST hosted the event, How to Control Software Risk and Cost in Digital Transformation, in Madrid with CISQ and Dr. Richard Soley, CEO and Chairman of the Object Management Group.
How to Manage Software Risk and Cost in Digital Transformation
Open source is part of almost every software capability we use today. At the very least, libraries, frameworks or databases get used in mission-critical IT systems. In some cases entire systems are built on top of open source foundations. Since we have been benchmarking IT software for years, we thought we would set our sights on some of the most commonly used open source software (OSS) projects.
Quality of Open Source Software Projects Report
Everyone wants to do DevOps like Netflix, but is it really right for your organization?
Netflix Envy
The recent spate of IT glitches and ‘power outages’ at British Airways, which caused the UK’s national carrier to cancel all its flights worldwide at the start of the May bank holiday, along with the WannaCry ransomware attack, which ground the National Health Service to a halt, have exposed again the importance of IT systems in today’s business. The complexity of these IT systems and the number of vulnerabilities that exist in critical software used by critical infrastructure sectors such as the NHS, airlines and telecom operators have made headlines once more.
Need for Holistic IT Systems’ Risk Assessment
Harvard Business Review has reported that digital leaders succeed in large part due to their ability to recognize and scale innovation across their business – seeing beyond transformation hurdles and IT complexity. They never lose sight of the end goal.
Recap: Software Risk & Innovation Summit 2017
Disrupt or be Disrupted – Reinventing IT Portfolio Management in a Digital World
In our 29-criteria evaluation of the static application security testing (SAST) market, we identified the 10 most significant vendors — CAST, CA Veracode, Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock, SonarSource, and Synopsys — and researched, analyzed, and scored them. This report shows how each measures up and helps security professionals make the right choice.
Forrester Wave: Static Application Security Testing, Q4 2017 Analyst Paper
How to choose the right security solution for your AppSec Strategy.
SAST, DAST and IAST - What's the Difference?
At the upcoming Software Risk and Innovation Summit, CIOs address challenges around DevOps and the next big tech innovation trends.
CISQ Is Helping CIOs Master Digital Transformation
This study by CAST reveals potential reasons for poor software quality that puts businesses at risk, including clashes with management and little understanding of system architecture.
What Motivates Today’s Top Performing Developers Survey
Technical debt is at the top of developers' pain points, and according to some this is due to a flurry of new development styles that have come into vogue. The software industry's focus on rapid application development, as necessary for business agility, has furthered the problem of technical debt. Fast implementation of containers and microservices leads to DevOps teams facing serious tech debt management issues.
The Pain Point of Technical Debt
A distinction that we always try to make in our posts is that there is both good and bad technical debt. This is similar to how there are ways in which financial debt can be used to strategically help a company.
Technical Debt The Right Way
Last week we published a post about the Consortium for IT Software Quality's (CISQ) initiative to come up with a standard technical debt measure through a survey distributed to developers.
Contribute to CISQ's Technical Debt Remediation Survey
As we quickly head into the new year - the Consortium for IT Software Quality (CISQ) is working to develop a new measure for technical debt.
CISQ to Develop Technical Debt Standard Measure
Cars are no longer simple pieces of machinery, but have evolved into highly integrated pieces of technology - with software embedded into all their critical systems.
Technical Debt & Safety Critical Systems in Automobiles: The Road Ahead
CAST recently participated in a TechMarketView round table in London, discussing the effectiveness of digital strategies in banking.
Are Digital Strategies in Banking Working?
Reducing Technology Risk in M&As – The Case For Application Portfolio Analysis
As a metaphor, technical debt relies on the fact that those who hear it understand the financial concepts that the metaphor relies on.
How To Reframe Technical Debt: A Painter and A Paint Bucket
This fall, CAST hosted its first Seminar on Productivity Measurement in the Context of IT Transformation featuring representatives from the retail, banking and insurance industries in the Netherlands. Featured speakers included CISQ, Allianz, BNP Paribas and METRI.
Why Productivity Measurement Matters
The key to security is to ensure that your most sensitive data is handled with proper controls in place. This should include working with your architects to explore the architecture of applications that handle the most critical data, starting from the data elements themselves and fanning out via impact diagrams (for example, CAST does this with the Application Intelligence Platform). Over time, your team will be able to establish secure architecture components that should handle all sensitive data.
Following Best Practices to Achieve Application Security & Reduce Risk