CASE STUDY
Huf Group is a global leader in secure access and authorization systems, serving nearly all car manufacturers worldwide with cutting-edge innovations and products that enhance comfort.
CAST Highlight enabled Huf Group to automatically monitor all Common Vulnerabilities and Exposures (CVEs), anticipate potential future vulnerabilities, and create a Software Bill of Materials (SBOM).
With CAST, we were able to implement our projects much faster and more precisely.
Head of Software Platform
to set up the product and start seeing actionable insights
managed automatically for controlling security and license risks
Challenge
Huf Group acts as an original equipment manufacturer (OEM) for many global car manufacturers. Due to potential cybersecurity and licensing conflicts, their clients requested a Software Bill of Materials (SBOM) for the software developed for embedded systems.
The challenge was gaining an overview of the external components that may have been incorporated into their products, which could potentially expose their clients to security risks.
Risks that need to be closely monitored include Common Vulnerabilities & Exposures (CVEs) that could leave the software open to attack, copyright and licensing issues that could result in legal or financial liabilities, and components embedded in chips, which may introduce security vulnerabilities or compliance concerns.
Solution
Huf Group’s Head of Software Platform evaluated several providers using an assortment of industry-related FOSS components.
To assess CAST Highlight's security and compliance capabilities, Huf Group used it to analyze this benchmarking package. Once those capabilities were validated, Huf Group proceeded with additional applications.
Within a few hours, the product was fully operational. The source code of the applications was analyzed without leaving Huf Group's premises. The analysis results were then uploaded to CAST Highlight, where dashboards displayed all security vulnerabilities at both the portfolio and application levels, along with a detailed list of findings for each application.
Results
With CAST Highlight, Huf Group can now automatically monitor all Common Vulnerabilities & Exposures (CVEs) and anticipate potential future vulnerabilities by identifying weaknesses that have not yet been officially reported in their applications and the underlying OS.
Additionally, CAST Highlight’s pricing model, based on the number of applications covered rather than the number of developers working on them, is both cost-effective and convenient for Huf Group’s day-to-day management.
Finally, automatic and rapid SBOM creation benefits both Huf Group and its clients by identifying and avoiding known vulnerabilities, while also quantifying and managing license exposures.