Security By Design

On June 15, 2016, CAST held a workshop on the topic of Security By Design at the Hilton hotel, Paris La Défense, with speakers from SOLUCOM, ATOS, BNP PARIBAS CARDIF and CAST, attended by about thirty participants from the public sector, finance, energy, software vendors, etc.
Application security remains a major issue in terms of frequency, severity and impact, not only for the business but also for the CIO personally. According to the PWC study, “the number of recorded cyber-attacks grew by 51% in France in 2015, while the security budgets of French companies increased by 29% on average, as much as the estimated financial losses attributable to these incidents (+28%)”. More specifically, analysts note that 75% of security problems are linked to flaws in software architecture or in the “design” of applications, that is, to the way components and applications are interconnected.

Recap: Software Risk Summit 2016

Panel Discussion at the 2016 Software Risk Summit
Software risk has historically been overlooked as a security concern by business leaders, and companies have paid a high price as a result. Remember the JPMorgan hack of 2014? That cost the bank more than $6 billion. RBS has paid £231 million for their IT failures as of two years ago. The Target breach? The retailer posted a write-down of $152 million. Or, more recently, Jeep controls being taken over by hackers, and a similar incident with Toyota-Lexus having to fix a software bug that disabled cars’ GPS and climate control systems? That costs the manufacturers valuable consumer confidence points and can seriously damage sales.
So I was thrilled to know that the topic for the first annual Software Risk Summit in New York was indeed just that, software risk. I had the pleasure of moderating the panel discussion with esteemed guests from BNY Mellon, the Software Engineering Institute at Carnegie Mellon, the Boston Consulting Group and CAST. But beforehand, I was able to sit in on the keynote by Rana Foroohar.

CAST Releases Application Intelligence Platform (AIP) 8.1

CAST is pleased to announce the release of AIP 8.1, a continuation of the big step forward made in AIP 8.0. AIP 8.1 extends the functionality of Application Intelligence Platform to provide greater technology support, improved reporting and new code viewing capabilities in the Application Engineering Dashboard (AED).
Java 8 Support
Java 8 is quickly being adopted by Java developers. CAST now fully supports Java 8 and can help you find flaws linked to the use of the very popular Java 8 lambda functions, among others.

Application Security in the Internet of Things

High-capacity network bandwidth has become more widely available, and we have quickly tapped into every last inch of its capacity. More devices are built with wi-fi capabilities, the costs of mobile devices are going down and smartphones are in the hands of more people than ever before. In fact, Apple might have already exhausted the market and is seeing drastically lower sales forecasts for the iPhone.
We are moving into an era in which virtually any device will connect to the Internet. Phones, fitness trackers, dishwashers, televisions, espresso machines, home security systems, cars. The list goes on. Analyst firm Gartner estimates that over 20 billion connectable devices will exist worldwide by 2020. Welcome to IoT—the Internet of Things. A giant network of connectable things.

Adding Measurement to Your Application Outsourcing

A recurring issue for IT and business management is whether it’s best to build an in-house team or outsource the development of software applications. Some of the biggest factors when contemplating application outsourcing are cost, security and loss of control.
Business agility remains a top priority, but this puts added pressure on teams to move fast, and can sometimes lead to rushed projects and a lack of attention to detail. When in-house teams are under tight deadline restrictions, corners can get cut. In fact, most in the developer community agree that outsourcing is the best way to go for timely and on-budget development projects.

Enterprise Architecture as the Gateway to Digital Transformation – Takeaways from the Gartner EA Summit 2016

Last week, CAST attended the Gartner EA Summit, held at National Harbor. It was two days of jam-packed sessions and workshops about Enterprise Architecture, but what stuck out the most was the value of this very unique discipline as a catalyst for Digital Transformation.
EA and Digital Transformation were the core focus of many presentations, including Mike J. Walker’s session “Leverage EA to Understand the Value and Impacts of Digital Disruption.” Mike stressed that this ever-evolving discipline is becoming a vital component to corporate strategy, delivering high-performing and sustainable business outcomes.

What Went Wrong at Google – Software Robustness Remains a Struggle

In April, Google experienced a fairly significant cloud outage, but it was hardly news at all. In fact, it was likely the most widespread outage to hit a major public cloud to date. The lack of coverage is strange, considering the industry’s watchful eyes like Brian Krebs and others. The even more recent Salesforce service outage seems to have received more attention. But despite the fact that Google seems to have gotten away with a “pass” this time, the glitch brings renewed attention to the fact that tech players large and small are continuing to deal with software robustness issues.
Google Compute Engine was down for a full 18 minutes around the 7 o’clock hour Pacific Time on April 11, disconnecting all users in all regions. This was a Google cloud outage, and the root cause was a network failure. Network outages appear to be an ongoing challenge for Google, this one being the biggest yet.