New York and Paris, October 27, 2021 - The ubiquitous use of open-source components in custom-built applications creates intellectual property and security risks for business owners and corporate legal teams. CAST Highlight provides an effective, fast-rollout alternative or complement to traditional SCA products for controlling the risks inherent in open-source software across entire application portfolios.
Today, CAST is enhancing CAST Highlight with an innovative capability specifically designed for legal officers, security officers, and application business owners.
Application Portfolio Advisor for Open Source
The new Portfolio Advisor for Open Source is built right into CAST Highlight. It automatically prioritizes the actions to take for addressing the most severe licensing risks and security vulnerabilities across the portfolio, based on the business impact of each application and analysis of where the risky licensing and critical security vulnerabilities reside. It also automatically guides legal, security, and software experts on which alternative open-source components are safer to use within the context of their application portfolio.
Open-source “Control Tower”. Operational in weeks.
Deploying CAST Highlight as the “control tower” across an organization can be done in a few weeks. It does not require every developer to be trained and properly use a tool on their workstations, which can take years to rollout and may still be bypassed. CAST Highlight plugs directly into source code repositories and aggregates the results of the analysis across all applications into intuitive dashboards - the “control tower”, allowing legal, security, and operations experts to make informed decisions engaging developers only when needed.
The latest release of CAST Highlight adds out-of-the box support for automated analysis of GitHub, in addition to automated scanning of BitBucket, Azure DevOps, and other common repositories.
Staying Ahead of the Curve
Traditional SCA products primarily detect vulnerabilities already reported in the National Vulnerability Database (NVD). Open-source code continually changes and it can take months for new vulnerabilities to be captured in the NVD. CAST uses its exclusive “MRI for Software” to automatically analyze the source code of most popular open-source components as soon as they change, enabling its clients to intercept emerging vulnerabilities much earlier than traditional SCA products can, and always keeping them ahead of the curve.
CAST Highlight for SCA is available as an annual subscription from $20,000 to $240,000 for 25 to 1000 applications respectively, regardless of number of developers. This enterprise-wide view approach allows CAST to bring open-source risks control to the market at a much lower cost than traditional SCA products running on developer workstations.
CAST is the pioneer and category leader in Software Intelligence, providing insight into the structural condition of software assets. CAST technology is renowned as the most accurate “MRI for Software”, which delivers actionable insights into software composition, architectures, database structures, critical flaws, quality grades, cloud readiness levels and work effort metrics. It is used globally by thousands of forward-looking digital leaders to make objective decisions, accelerate modernization, and raise the security and resiliency of mission critical software. Visit castsoftware.com. Contact Stephanie Watkins at firstname.lastname@example.org.