Broadridge Financial Solutions creates communications and data & analytics software products that process millions of transactions daily worth trillions of dollars.
CAST Highlight enabled the open source governance team to automatically understand open source risks across their entire application portfolio and automate the approval process.
In 10 minutes, I was able to conditionally approve what previously took days of my time.
Architecture OSRB Member
to approve open-source components that used to take days
analyzed in just a few
managed within the open
source ‘control tower’
Broadridge’s portfolio of 400+ applications that it licenses to its clients depend on 13,000+ unique components many of which are open source.
Managing open source risks such as security vulnerabilities, IP / legal exposures, and obsolete technology was extremely complex and time-consuming for Broadridge. It often took days to approve the use of a single component.
The CIO needed to rapidly implement a comprehensive open source governance program to better manage risks and meet the leadership’s aggressive timeline.
Key goals included: 1.) having a comprehensive view across all applications to satisfy rigorous audit requirements, 2.) automation without disrupting developer productivity.
Broadridge created an Open Source Review Board (OSRB) operated out of the office of the CIO comprised of representatives from across the organization including: legal, architecture, security, and development.
They implemented CAST Highlight to establish an open source ‘control tower’ and perform automated Software Composition Analysis (SCA) to support the OSRB program objectives.
All of their applications were onboarded into CAST Highlight and continuous scanning of each application was automated as part of their CI/CD process. CAST Highlight also enabled them to create an Approved list of open source components and automate the process of approving new components.
With CAST Highlight, Broadridge was able to get a full inventory of their entire portfolio of 400+ applications in just a few weeks. This included both portfolio-level and application-level dashboards detailing all the open source risks across over 13,000 unique components.
The approval process that previously took days to approve a component was cut down to minutes.
The M&A team took notice and decided to adopt CAST Highlight for its technical due diligence process when considering potential software asset acquisitions. The team gained more visibility on possible acquisitions and factored open source risks into the deal terms, ensuring a more accurate valuation of target assets.
CGI Reduces Open Source Risk in a Fraction of the Time with Software Intelligence from CAST Highlight