CAST introduces a smarter, simpler SCA approach to control open-source risks
27 October 2021 - 4:30PM
The ubiquitous use of open-source components in custom-built
applications creates intellectual property and security risks for
business owners and corporate legal teams. CAST Highlight provides
an effective, fast-rollout alternative or complement to traditional
SCA products for controlling the risks inherent in open-source
software across entire application portfolios.
Today, CAST is enhancing CAST Highlight with an innovative
capability specifically designed for legal officers, security
officers, and application business owners.
Application Portfolio Advisor for Open Source
The new Portfolio Advisor for Open Source is built right into
CAST Highlight. It automatically prioritizes the actions to take
for addressing the most severe licensing risks and security
vulnerabilities across the portfolio, based on the business impact
of each application and analysis of where the risky licensing and
critical security vulnerabilities reside. It also automatically
guides legal, security, and software experts on which alternative
open-source components are safer to use within the context of their
application portfolio.
Open-source “Control Tower”. Operational in weeks.
Deploying CAST Highlight as the “control tower” across an
organization can be done in a few weeks. It does not require every
developer to be trained on, and to properly use, a tool on their
workstation, which can take years to roll out and may still be
bypassed. CAST Highlight plugs directly into source code
repositories and aggregates the results of the analysis across all
applications into intuitive dashboards - the “control tower” -
allowing legal, security, and operations experts to make informed
decisions, engaging developers only when needed.
The latest release of CAST Highlight adds out-of-the-box support
for automated analysis of GitHub, in addition to automated scanning
of Bitbucket, Azure DevOps, and other common repositories.
Staying Ahead of the Curve
Traditional SCA products primarily detect vulnerabilities
already reported in the National Vulnerability Database (NVD).
Open-source code changes continually, and it can take months for new
vulnerabilities to be captured in the NVD. CAST uses its exclusive
“MRI for Software” to automatically analyze the source code of the most
popular open-source components as soon as they change, enabling its
clients to intercept emerging vulnerabilities much earlier than
traditional SCA products can, and keeping them ahead of the
curve.
CAST Highlight for SCA is available as an annual subscription
from $20,000 to $240,000 for 25 to 1000 applications respectively,
regardless of the number of developers. This enterprise-wide
approach allows CAST to bring open-source risk control to the
market at a much lower cost than traditional SCA products running
on developer workstations.
About CAST
CAST is the pioneer and category leader in Software
Intelligence, providing insight into the structural condition of
software assets. CAST technology is renowned as the most accurate
“MRI for Software”, which delivers actionable insights into
software composition, architectures, database structures, critical
flaws, quality grades, cloud readiness levels and work effort
metrics. It is used globally by thousands of forward-looking
digital leaders to make objective decisions, accelerate
modernization, and raise the security and resiliency of
mission-critical software. Visit castsoftware.com. Contact Stephanie
Watkins at s.watkins@castsoftware.com.