CAST introduces a smarter, simpler SCA approach to control open-source risks

NEW YORK and PARIS, Oct. 27, 2021 (GLOBE NEWSWIRE) — The ubiquitous use of open-source components in custom-built applications creates intellectual property and security risks for business owners and corporate legal teams. CAST Highlight provides an effective, fast-rollout alternative or complement to traditional SCA products for controlling the risks inherent in open-source software across entire application portfolios.

Today, CAST is enhancing CAST Highlight with an innovative capability specifically designed for legal officers, security officers, and application business owners.

Application Portfolio Advisor for Open Source

The new Portfolio Advisor for Open Source is built right into CAST Highlight. It automatically prioritizes the actions to take for addressing the most severe licensing risks and security vulnerabilities across the portfolio, based on the business impact of each application and analysis of where the risky licensing and critical security vulnerabilities reside. It also automatically guides legal, security, and software experts on which alternative open-source components are safer to use within the context of their application portfolio.

Open-source “Control Tower”. Operational in weeks.

Deploying CAST Highlight as the “control tower” across an organization can be done in a few weeks. It does not require every developer to be trained on a tool and to use it properly on their workstations, which can take years to roll out and may still be bypassed. CAST Highlight plugs directly into source code repositories and aggregates the results of the analysis across all applications into intuitive dashboards – the “control tower”, allowing legal, security, and operations experts to make informed decisions, engaging developers only when needed.

The latest release of CAST Highlight adds out-of-the-box support for automated analysis of GitHub, in addition to automated scanning of BitBucket, Azure DevOps, and other common repositories.

Staying Ahead of the Curve

Traditional SCA products primarily detect vulnerabilities already reported in the National Vulnerability Database (NVD). Open-source code continually changes and it can take months for new vulnerabilities to be captured in the NVD. CAST uses its exclusive “MRI for Software” to automatically analyze the source code of most popular open-source components as soon as they change, enabling its clients to intercept emerging vulnerabilities much earlier than traditional SCA products can, and always keeping them ahead of the curve.

CAST Highlight for SCA is available as an annual subscription from $20,000 to $240,000 for 25 to 1000 applications respectively, regardless of the number of developers. This enterprise-wide approach allows CAST to bring open-source risk control to the market at a much lower cost than traditional SCA products running on developer workstations.

About CAST

CAST is the pioneer and category leader in Software Intelligence, providing insight into the structural condition of software assets. CAST technology is renowned as the most accurate “MRI for Software”, which delivers actionable insights into software composition, architectures, database structures, critical flaws, quality grades, cloud readiness levels and work effort metrics. It is used globally by thousands of forward-looking digital leaders to make objective decisions, accelerate modernization, and raise the security and resiliency of mission critical software. Visit castsoftware.com. Contact Stephanie Watkins at s.watkins@castsoftware.com.
