Category: Risk & Security

As organizations adopt Software Intelligence to drive business outcomes, they may face challenges from development teams and architects. This is one story of success.
CEO in the Field: “If it was hard to write, it should be hard to understand.”
It doesn’t matter how many days removed we are from sipping champagne, singing "Auld Lang Syne" and making New Year’s resolutions; we still need to look back at 2017, lest we repeat the same mistakes we've already made.
2017: The Year of MotS (More of the Same)
Digital transformation is now a mandate, but it presents an opportunity for CIOs to reposition themselves at the heart of the business.
The Evolving Role of CIOs in the Age of Digital Transformation
CAST provides continuous support for OWASP Top Ten vulnerabilities, providing users with an automated validation of protection. This helps development teams detect places where vulnerabilities are left in code.
Application Security Vulnerability Detection
84% of breaches exploit vulnerabilities in the application layer. Is there a silver bullet for AppSec?
Get Creative with Your Application Security Strategy
As banks, financial services and insurance organizations increase their reliance on software-based digital capabilities, they have big decisions to make on how they will protect business operations with effective software risk management.
QA Financial Forum Reviews the Impact of New Regulations on Software Risk Management
At the upcoming Matinée CIO event in Paris, CAST, along with select partners and customers, will address challenges and best practices for digital transformation initiatives, including compliance, cloud migration, application security and establishing an Agile culture.
CAST Talks AppSec, Compliance and Digital Transformation at Matinée CIO
Software risk is business risk, but who is ultimately responsible? This blog explores insights from the Cutter Consortium on how to de-risk business-critical software systems.
Software Risk is Business Risk
Software today is more complex than it has ever been. New technologies emerge rapidly and as applications evolve to utilize them, gaps occur. Some gaps result in “technical debt”, an industry term to describe development practices where ideal craftsmanship has not been achieved and additional work needs to be done.
CI/CD DevOps: Enhancing Continuous Delivery with Software Intelligence
When you are a consumer credit company, victimized recently by a serious security breach where hackers exploited an application vulnerability to steal the personal information of roughly 143 million people, what do you do for an encore? For Equifax, the encore may be “get hacked a second time.”
An Encore for Equifax?
Insurance companies still spend a lot of money maintaining the infrastructure for their core legacy apps, but migrating some of these apps to a cloud platform could provide significant cost savings.
The State of Cloud Adoption in Insurance – Look Out for Migration Bumps Ahead!
The biggest lesson learned from the Equifax breach is that executives and application owners need a software risk scorecard that clearly outlines KPIs around software structural quality and security.
Lessons from Equifax: Get a Software Risk Scorecard
Open source is the lifeblood of modern software development, but it's not without risks, especially when it comes to application security.
A Good Look at Open Source Frameworks: Avoiding Another Equifax
Knowing the difference between true positives and false positives for Application Security Testing.
Reduce False Positives in Application Security Testing
On June 9th, CAST hosted the event, How to Control Software Risk and Cost in Digital Transformation, in Madrid with CISQ and Dr. Richard Soley, CEO and Chairman of the Object Management Group.
How to Manage Software Risk and Cost in Digital Transformation
Everyone wants to do DevOps like Netflix, but is it really right for your organization?
Netflix Envy
The recent spate of IT glitches and ‘power outages’ at British Airways, which caused the UK’s national carrier to cancel all its flights worldwide at the start of the May bank holiday, along with the WannaCry ransomware attack, which ground the National Health Service to a halt, have exposed again the importance of IT systems in today’s business. The complexity of these IT systems and the number of vulnerabilities that exist in critical software used by critical infrastructure sectors such as the NHS, airlines and telecom operators have made headlines once more.
Need for Holistic IT Systems’ Risk Assessment
Harvard Business Review has reported that digital leaders succeed in large part due to their ability to recognize and scale innovation across their business – seeing beyond transformation hurdles and IT complexity. They never lose sight of the end goal.
Recap: Software Risk & Innovation Summit 2017
How to choose the right security solution for your AppSec Strategy.
SAST, DAST and IAST - What's the Difference?
At the upcoming Software Risk and Innovation Summit, CIOs address challenges around DevOps and the next big tech innovation trends.
CISQ Is Helping CIOs Master Digital Transformation