In partnership with Mend, the Fintech Open Source Foundation (FINOS) recently published its report, “The 2022 State of Open Source in Financial Services.” The report serves up a set of fascinating insights into the pace of open source adoption in the financial services sector. From optimizing benefits to overcoming obstacles, the report provides a valuable snapshot of open source software adoption in finance. Here’s a quick look at the report’s key findings.
More than 20 financial institutions established Open Source Program Offices (OSPOs) in 2022. The financial services industry reacted more swiftly and efficiently than any other industry to the threat of Log4Shell to secure its software supply chains. Also, numerous open source fintech startups launched, regulators across the world have become more open to collaboration, and established industry consortia are now recognizing open source as the way to drive real adoption for their standards.
Open source software is most commonly used by the financial services sector in four ways:
There is a tremendous amount of value “locked up” in this data, hence the interest in open source tools that can unlock the stored potential.
According to survey results, open source software provides increased agility, productivity, cost savings, and innovative technical capabilities, while reducing vendor lock-in. Additionally, actively contributing to open source software improves institutions’ understanding of security and reassures them that their open source is secure.
Inevitably, security and regulatory compliance are top priorities in the financial services sector. Organizations must have clear and effective policies relating to the consumption of open source software and components. Indeed, 48 percent of respondents strongly agreed that improving security is a top reason their organization should contribute to open source, up from 28 percent in 2021.
Owing to the large volume of dependencies in open source, some respondents said that, to be efficient, any security solution must be baked into an organization’s software development lifecycle (SDLC) so that security measures are triggered automatically. There has also been increased interest in the use of standards such as software bills of materials (SBOMs) across the overall software supply chain to catalog, identify, and help mitigate vulnerabilities within open source.
While only 33 percent of respondents were extremely confident that components they consume are maintained and up to date, that’s a significant increase from 2021, when only 19 percent of respondents were extremely confident. Meanwhile, a further 36 percent reported being somewhat confident on this issue.
Other significant considerations are the choice of components, when to update, and how to manage license obligations. Furthermore, open source consumption policy needs to be better supported with tooling, education, and guidelines. Respondents also pointed to the need for investment in operational issues, such as legal, compliance, security, and tooling.
Leadership is another important consideration for successful open source adoption. The survey indicated that firms with an OSPO or visible open source leader are better able to address challenges and far more likely to openly encourage both consumption (62 percent vs. 29 percent) and contribution (41 percent vs. 14 percent) while improving overall perception of open source usage.
The report observed that, by actively participating in open source, organizations demonstrate that they invest in supporting talent. Organizations can also interact with potential hires in the project’s community and get a preview of how prospective candidates engage with others, leading to better fits in the hiring process and aiding talent retention. The report noted that organizations typically active in open source communities recognize that the users or consumers of their firm’s technology stack, such as developers, engineers, and architects, are stakeholders in the organization’s success. Retaining these stakeholders and growing their skills is a key opportunity to stay competitive in today’s market.
Despite the financial services industry’s innate conservatism, its highly regulated environment, and its need for stringent security, open source consumption continues to increase. Moreover, now that there’s a brighter spotlight on open source security in all industries, it is a good time for the financial services industry to focus on open source consumption and contribution. There is still more to do for the industry to derive the most value from open source, but it’s on the right track, and the future of open source in the sector looks positive.