https://community.isc2.org/t5/Industry-News/Open-Source-Software-and-Banks/m-p/58023#M6135 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/311867713">@denbesten</a>&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1420085895">@Robert956</a> You both missed one important aspect "licensing" and maintaining those conditions, which can get you into a whole heap of issues.&nbsp; In my organisation, we have complete courses, and mandatory education in order to allow developers to use them, produce Open Source software etc.</P><P>&nbsp;</P><P>It is a major aspect, as well as security &amp; privacy by design controls, before anything is released etc.</P><P>&nbsp;</P><P>The other aspect is DevSecOps and supply chain issues too.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Wed, 22 Mar 2023 20:16:38 GMT Caute_cautim 2023-03-22T20:16:38Z https://community.isc2.org/t5/Industry-News/Open-Source-Software-and-Banks/m-p/57988#M6129 <P>Hi All</P><P>&nbsp;</P><P>Have you ever wondered why Banks and financial institutions use so much Open Source Software internally?&nbsp;</P><P>&nbsp;</P><P>Open source is everywhere. Over 90% of organisations in the UK use open source components in their software, including the financial sector. FINOS’ 2022 State of Open Source in Financial Services report made it clear in particular just how rapidly open source software is proliferating in the sector.&nbsp; However, recent cyberattacks demonstrate the risk these companies run of losing billions of pounds if they don’t manage their software supply chains.</P><P>&nbsp;</P><P><A href="https://www.finextra.com/blogposting/23919/open-source-security-is-critical-for-financial-institutions?" target="_blank" rel="noopener">https://www.finextra.com/blogposting/23919/open-source-security-is-critical-for-financial-institutions?</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 09 Oct 2023 10:28:50 GMT https://community.isc2.org/t5/Industry-News/Open-Source-Software-and-Banks/m-p/57988#M6129 Caute_cautim 2023-10-09T10:28:50Z https://community.isc2.org/t5/Industry-News/Open-Source-Software-and-Banks/m-p/57998#M6132 <P><SPAN>Open Source Software (OSS) is becoming increasingly popular in the banking industry because it offers numerous advantages such as cost savings, flexibility, security, and innovation. Banks can use OSS to build and customize their own solutions, integrate with other systems, and collaborate with other developers and institutions. Additionally, OSS provides greater transparency, accountability, and community support, which can help banks to better serve their customers and meet regulatory requirements. However, implementing and managing OSS requires careful planning, evaluation, and monitoring to ensure compatibility, reliability, and compliance with legal and ethical standards.</SPAN></P> Wed, 22 Mar 2023 08:07:39 GMT https://community.isc2.org/t5/Industry-News/Open-Source-Software-and-Banks/m-p/57998#M6132 Robert956 2023-03-22T08:07:39Z https://community.isc2.org/t5/Industry-News/Open-Source-Software-and-Banks/m-p/58021#M6134 <P>Putting on my security beanie, I do not view OSS and commercial software any differently.&nbsp; The goals are the same....</P><P>&nbsp;</P><OL><LI>Prefer popular software (to increase the odds that others find the bugs).</LI><LI>Try to standardize across the entire company (to minimize attack surface).</LI><LI>Stay current on patches.</LI><LI>Purchase support when Management cares about MTTR.</LI><LI>Judge the supplier's based on their patch cadence and vulnerability response, both current and historical.</LI></OL> Wed, 22 Mar 2023 17:56:46 GMT https://community.isc2.org/t5/Industry-News/Open-Source-Software-and-Banks/m-p/58021#M6134 denbesten 2023-03-22T17:56:46Z https://community.isc2.org/t5/Industry-News/Open-Source-Software-and-Banks/m-p/58023#M6135 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/311867713">@denbesten</a>&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1420085895">@Robert956</a> You both missed one important aspect "licensing" and maintaining those conditions, which can get you into a whole heap of issues.&nbsp; In my organisation, we have complete courses, and mandatory education in order to allow developers to use them, produce Open Source software etc.</P><P>&nbsp;</P><P>It is a major aspect, as well as security &amp; privacy by design controls, before anything is released etc.</P><P>&nbsp;</P><P>The other aspect is DevSecOps and supply chain issues too.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Wed, 22 Mar 2023 20:16:38 GMT https://community.isc2.org/t5/Industry-News/Open-Source-Software-and-Banks/m-p/58023#M6135 Caute_cautim 2023-03-22T20:16:38Z