CAST Positioned as the Leader in the 2022 SPARK Matrix for Software Composition Analysis by Quadrant Knowledge Solutions

• The Quadrant Knowledge Solutions SPARK Matrix provides competitive analysis & ranking of the leading Software Composition Analysis vendors.

• CAST, with its comprehensive technology and customer experience management, has received strong ratings across the parameters of technology excellence and customer impact.

Quadrant Knowledge Solutions announced that it has named CAST as a 2022 technology leader in the SPARK Matrix: Software Composition Analysis, 2022.

The Quadrant Knowledge Solutions’ SPARK Matrix™ includes a detailed analysis of global market dynamics, major trends, vendor landscape, and competitive positioning. The study provides competitive analysis and ranking of the leading technology vendors in the form of its SPARK Matrix^TM. The study offers strategic information for users to evaluate different provider capabilities, competitive differentiation, and market position.

According to Abhishek Anant Garg, Analyst, Quadrant Knowledge Solutions, “CAST software intelligence product, CAST Highlight includes software composition analysis (SCA), which allows organizations to utilize open-source software and third-party code in the proprietary code of their applications. Its ‘Portfolio Advisor for Open Source’ capability enables companies to prioritize the vulnerabilities associated to third party components according to their severity of threats in the application code.” “CAST is capable of handling several numbers of applications across industry verticals, with its comprehensive capabilities, compelling customer references, comprehensive roadmap & vision, and product suite with high scalability, have received strong ratings across technology excellence and customer impact and has been positioned as a leader in the SPARK Matrix: Software Composition Analysis, 2022,” adds Abhishek.

Read More: OpenDrives Bolsters Sales And Product Teams; Scales Latin America Presence

“Deploying CAST Highlight as the open source ‘control tower’ across an organization can be done in a few weeks,” says Rado Nikolov, EVP Software Intelligence Platforms at CAST. Rado added, “It does not rely on each developer properly using an IDE extension. Instead, it plugs directly into source code repositories and aggregates the results of the analysis across all applications into intuitive dashboards – the ‘control tower’, allowing legal, security, and operations experts to make informed decisions and engage developers only when needed.”

Quadrant Knowledge Solutions defines software composition analysis (SCA) software that automate the process of analyzing the in-house applications throughout the application development process for security risks, vulnerabilities and potential quality issues associated with the embedded open-source software (OSS) and other commercial off-the-shelf (COTS) components within the code of the proprietary application. SCA tools typically identify and prioritize risk, alert IT security and development teams, in order to eliminate security risks and concerns before any kind of damage is done. They may also analyze the distribution license of the components to determine any associated legal compliance risks. SCA tools can also have added capabilities for analyzing operational and maintenance risks and project viability.

Read More: SalesTechStar Interview with Neal Hansch, CEO & Managing Partner at Silicon Foundry

The SCA products analyze the embedded OSS and COTS components for vulnerabilities and risks related to security, code quality, license compliance and long-term project viability. The capabilities provided by SCA products includes proprietary and third-party code scanning for embedded OSS and COTS software, vulnerability prioritization, integration into the DevSecOps ecosystem, operational risk management and Software Bill of Materials (SBOM) builder.

SCA products scan the base code as well as the development environment to discover and analyze the open-source codes embedded within the OSS and COTS used. They prioritize the vulnerabilities found in this third-party code depending upon the risk they bring to the software. SCA software can be integrated with the DevSecOps ecosystem from the initial stage of development to the point of deployment and maintenance ensuring security during the entire Software Development Life Cycle (SDLC). It also scans the third-party software for operational risks including maintenance and long-term support to ensure that the software can be serviced for long term without any major changes required. With SBOM builder the SCA software provides the list of all the OSS and COTS software used in the in-house software development and generate a database of these vulnerabilities for audit purposes.