Our Customer - a large insurer in the US - used CAST AIP to prioritize the list of the applications where the security flaws had to be fixed. CAST was used alongside Veracode to identify flaws missed by Veracode.