Caute_cautim
Community Champion

Open Source Software and Banks

Hi All

Have you ever wondered why Banks and financial institutions use so much Open Source Software internally?

Open source is everywhere. Over 90% of organisations in the UK use open source components in their software, including the financial sector. FINOS’ 2022 State of Open Source in Financial Services report made it clear in particular just how rapidly open source software is proliferating in the sector. However, recent cyberattacks demonstrate the risk these companies run of losing billions of pounds if they don’t manage their software supply chains.

https://www.finextra.com/blogposting/23919/open-source-security-is-critical-for-financial-institutio...

Regards

Caute_Cautim

3 Replies
Robert956
Newcomer I

Open Source Software (OSS) is becoming increasingly popular in the banking industry because it offers numerous advantages such as cost savings, flexibility, security, and innovation. Banks can use OSS to build and customize their own solutions, integrate with other systems, and collaborate with other developers and institutions. Additionally, OSS provides greater transparency, accountability, and community support, which can help banks to better serve their customers and meet regulatory requirements. However, implementing and managing OSS requires careful planning, evaluation, and monitoring to ensure compatibility, reliability, and compliance with legal and ethical standards.

denbesten
Community Champion

Putting on my security beanie, I do not view OSS and commercial software any differently. The goals are the same...

  1. Prefer popular software (to increase the odds that others find the bugs).
  2. Try to standardize across the entire company (to minimize attack surface).
  3. Stay current on patches.
  4. Purchase support when Management cares about MTTR.
  5. Judge the suppliers based on their patch cadence and vulnerability response, both current and historical.

Caute_cautim
Community Champion

@denbesten @Robert956 You both missed one important aspect, "licensing", and maintaining those conditions, which can get you into a whole heap of issues. In my organisation, we have complete courses and mandatory education in order to allow developers to use them, produce Open Source software, etc.

It is a major aspect, as well as security & privacy by design controls, before anything is released, etc.

The other aspect is DevSecOps and supply chain issues too.

Regards

Caute_Cautim