‘Shift Up’ Observability of Your Custom Software Security Risks and Beyond

Overwhelming complexity in custom software results in costly data breaches, with open source and 3rd party component vulnerabilities like the log4j incident being a major culprit. Software Composition Analysis (SCA) technology is designed to help reduce these risks. However, most traditional SCA products are designed for developers and don’t give CISOs and CIOs the visibility they need to confidently make critical decisions and take control of open source and 3rd party component risks across their entire portfolio of software applications. How do you ensure you are covering all of your applications? How do you govern these risks without slowing down your developers?

Complexity is so high that it’s no longer good enough to rely solely on developers to be vigilant. Join this session to learn how some CISOs and CIOs are taking a smarter approach to open source and 3rd party component security risk management by ‘shifting up’ observability with an open source control tower, automatically across all their applications. Get answers to questions like:

  • Do I have new security or IP exposures this month?
  • Are risky components, like log4j, still being used?
  • Who exactly is using the custom framework we built and where?
  • How do I ensure I am ready for Software Bill of Materials (SBOM) requirements and regulations?

Greg Rivera
VP of Product
CAST

As Vice President of Product for CAST Highlight, Greg leads strategy for the CAST SaaS product helping CIOs, CTOs, and software leaders control open source risks, reduce technical debt, accelerate application modernization / cloud migration, and make greener software. He has held technology leadership roles with Fortune 1000 companies such as Microsoft, IDG, and Arrow Electronics for over 25 years. Greg has a B.S. in Electrical Engineering and an M.S. in Management of Technology and is passionate about applying technology to improve business and our everyday lives.

Digital leaders are overwhelmed by the ever-growing complexity of the software underpinning their mission-critical systems, the brains of their business. These custom-built applications are becoming incredibly difficult to adapt to the ever-evolving needs of the business, to the point where it’s no longer possible for humans to keep up.

CAST, the software intelligence leader, provides software that ‘understands’ multi-technology software systems and automatically derives insights about their inner workings: interactions between all their elements, transaction flows, data access paths, changes needed to move to cloud, open-source risks, green impact, ISO 5055 compliance, etc. It is used globally by thousands of digital leaders, helping them make smarter decisions, maintain and transform custom software with greater speed, and exert better ongoing control of the risks involved. Visit castsoftware.com.