Empowering Financial Institutions to Use Open Source With Confidence
James McLeod, Director of Community, FINOS
Jeff Crum, Senior Director of Product Marketing, WhiteSource
finos.org Fintech Open Source Foundation
“Financial services future will be open source and real time.”
Chris Skinner (The Finanser)
Photo & Quote: BBVA 2017
Commits by financial institutions: 355,508
Repos from financial institutions: 44,996
Committers from industry: 24,751
Source:
Open Source in Regulated Industries Is Not Easy
OSS VALUE (Why?)
OSS CHALLENGES (How?)
DECISION MAKERS ENABLEMENT
LINE OF BUSINESS ENABLEMENT
▪ WHY OPEN SOURCE? Business Value of OSS Engagement
▪ WHAT TO OPEN SOURCE? Identify “Value Line”, OSS Commercialization Tactics
▪ LEGAL: Contribution Policy, CLAs, License
▪ CULTURAL: Cultural, Community RoE
▪ TECHNICAL: OSS Supply Chain, DevOps Workflow
HOW CAN FINOS HELP?
▪ Member Success initiative
▪ Open Source Readiness Program
▪ Open Developer Platform
▪ World-Class OSS Legal and Technical Experts
Traditional Solution Oriented Business Models
PRODUCTION DISTRIBUTION MARKETING CONSUMER
In traditional business models, value creation is linear and one-way
A Linear Delivery Path with Increased Cycle Times
Development
Integration Test
Quality Testing
Security Testing
UAT & Route to Live
TESTS FAIL
TESTS FAIL
TESTS FAIL
TESTS FAIL
▪ Waterfall follows a linear delivery path
▪ Failure Results in Delay and Long Cycle Times
Platforms Thrive in an Open ecosystem
In Platform business models, value creation is two-way and continuous
PLATFORM ECOSYSTEM
Logos are © and (™) of their respective owners
DevOps Equals Agile, Automation and Culture
Need Proof? Open = Disruptive innovation
▪ 2004, BIG DATA: Google Opens specs for Map Reduce
▪ 2006, CLOUD: Amazon launches AWS based on Xen, Linux, Dynamo
▪ 2007, NOSQL: First release of MongoDB
▪ 2008, BLOCKCHAIN: Satoshi releases 0.1 of Bitcoin
▪ 2009, NOSQL: Facebook contributes Cassandra to Apache
▪ 2011, BIG DATA: Yahoo contributes Hadoop to Apache
▪ 2015, MODERN DEV: Node.js joins the Linux Foundation
▪ 2016, MACHINE LEARNING: Google open sources TensorFlow
So how can you shift left security successfully?
1. How left can you go?
2. Who owns it?
3. Shifting left with the right tools

1. How left can you go?
When is the optimal point to integrate security checks into the SDLC?
PLAN CODE BUILD MAINT. DEPLOY
Detecting Issues as Early as Possible Has Multiple Benefits
▪ Coding: $80/Defect
▪ Build: $240/Defect
▪ QA & Security: $960/Defect
▪ Production: $7,600/Defect
The cost of fixing security and quality issues rises significantly as the development cycle advances.
66% of companies have already implemented application testing during or even pre-build stage
In what stage of the SDLC do you spend most of your time implementing security measures?
In what stage of the SDLC do you spend most of your time implementing security measures, by open source usage?
The higher the usage of open source, the more likely that developers would implement application security tools
2. Who owns it?
If the goal is to integrate security pre-build, then who should own application security in the organization?
72% of the respondents stated that the ownership over AppSec lies in the software development side
Chart values: 20%, 28%, 23%, 29%
Research shows organizations of all sizes are shifting their operational security to software development teams
Who owns security in your organization, by company size?
Companies are investing in secure coding training more than ever before
36% of developers say that their company provides them with security training that helps them code better.
3. Shifting left with the right tools
What are the “right” tools?
Both teams need security tools, but in order to shift left security you need to empower your developers.
▪ Governance solutions: Used by security teams and management to get full visibility and control over the security risks in their software
▪ Developers tools: Used by developers to remediate vulnerabilities
Each Have Different Requirements
Governance solutions
▪ GOAL: Visibility and control through automation
▪ FEATURES: Reports, prioritization and policy enforcement
Developers tools
▪ GOAL: Information on issues and remediation support
▪ FEATURES: Integration with dev tools, real-time alerts and remediation insights
1. How left can you go?
2. Who owns it?
3. Shifting left with the right tools
Vision for a Fintech Open Developer Platform
High Productivity Turnkey Developer Experience
Biz & Legal Peace Of Mind - We Do The Hard Part!
SOFTWARE CONTRIBUTORS, SOFTWARE CONSUMERS
Hosted Platforms
▪ SYMPHONY (ReST API)
▪ SYMPHONY (Extension API)
▪ SYMPHONY (Integration webhooks)
▪ FINTECH OPEN DATA
▪ FINTECH OPEN APIS
▪ CLOUD OPEN APIS
Development Infrastructure
▪ CODE HOSTING: Github
▪ CONTINUOUS INTEGRATION: Travis CI
▪ CONTINUOUS DELIVERY: Openshift
▪ RELEASE PUBLISHING: Maven central, NPM, NuGet
▪ SECURITY, QUALITY, IP COMPLIANCE: Whitesource
Collaboration Services
▪ WIKI: Atlassian Confluence
▪ MAILING LISTS: Google Groups
▪ WEB CONFERENCING: WebEx
▪ METRICS & REPORTING: Bitergia
Future partnerships and contributions
colineberhardt.github.io/cla-bot
Pull Request Made to a FINOS GitHub Repository
CLA Bot Gives Real Time Licensing Feedback
Building and Testing Triggered by Pull Request
DevSecOps with Automated Vulnerability Testing
▪ Build if tests pass
▪ Alert if tests fail
Real Time Dependency Vulnerability Testing
Vulnerability Reporting at File Dependency Level
Merging and K8 Deployment at Tests Passed
finos.org/odp/docs > Development Infrastructure > Code Validation
Multi Language ODP Validation Tools Matrix
Following the Open Source Compliance Pattern
The functional components of an Open Source compliance toolchain produced by the Open Source Tooling group of the OpenChain Project
Openness Enables Thriving Ecosystems
Value is in the ecosystem, Platform is just an enabler
THE OPEN PLATFORM: NETWORK, CONTENT, APP
Community, Open Ecosystem, Value Line
Open Standards (Open API)
▪ PLATFORM VENDOR: Semi-Open Ecosystem, Lower CAC, Easy integration
▪ END USER / INTEGRATOR: Reduced vendor lock-in, solutions reuse, influence via standards groups
Open Source
▪ PLATFORM VENDOR: Fully Open Ecosystem, Focus on Core IP, cheaper Go-to-Market, broad talent pool, Community input / contributions
▪ END USER / INTEGRATOR: No vendor lock-in, influence via contribution, lower overall software TCO, talent acquisition and retention, security by many eyeballs
Open Standards ensure high longevity for open source software
Open Source enables faster standard adoption and iterations
Q&A

Find Out What's New With WhiteSource May 2018- A WhiteSource WebinarFind Out What's New With WhiteSource May 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
 
Strategies for Improving Enterprise Application Security - a WhiteSource Webinar
Strategies for Improving Enterprise Application Security - a WhiteSource WebinarStrategies for Improving Enterprise Application Security - a WhiteSource Webinar
Strategies for Improving Enterprise Application Security - a WhiteSource Webinar
 
How temenos manages open source use, the easy way combined
How temenos manages open source use, the easy way combinedHow temenos manages open source use, the easy way combined
How temenos manages open source use, the easy way combined
 

Empowering Financial Institutions to Use Open Source With Confidence

  • 1. Empowering Financial Institutions to Use Open Source With Confidence. James McLeod, Director of Community, FINOS; Jeff Crum, Senior Director of Product Marketing, WhiteSource.
  • 2. finos.org Fintech Open Source Foundation. “Financial services future will be open source and real time.” Chris Skinner (The Finanser). Photo & Quote: BBVA 2017
  • 3. 355,508 commits by financial institutions; 44,996 repos from financial institutions; 24,751 committers from industry. Source:
  • 4. Open Source in Regulated Industries Is Not Easy. OSS VALUE (Why?); OSS CHALLENGES (How?). DECISION MAKERS ENABLEMENT; LINE OF BUSINESS ENABLEMENT. WHY OPEN SOURCE? Business Value of OSS Engagement. WHAT TO OPEN SOURCE? Identity “Value Line”, OSS Commercialization Tactics. LEGAL: Contribution Policy, CLAs, License. CULTURAL: Cultural, Community RoE. TECHNICAL: OSS Supply Chain, DevOps Workflow. HOW CAN FINOS HELP? Member Success initiative; Open Source Readiness Program; Open Developer Platform; World-Class OSS legal and Technical Experts.
  • 5. Traditional Solution Oriented Business Models. PRODUCTION, DISTRIBUTION, MARKETING, CONSUMER. In traditional business models, value creation is linear and one-way.
  • 6. A Linear Delivery Path with Increased Cycle Times. Stages: Development, Integration Test, Quality Testing, Security Testing, UAT & Route to Live, with TESTS FAIL marked four times. ▪ Waterfall follows a linear delivery path ▪ Failure Results in Delay and Long Cycle Times
  • 7. Platforms Thrive in an Open ecosystem. In Platform business models, value creation is two-way and continuous. PLATFORM ECOSYSTEM. Logos are © and (™) of their respective owners.
  • 8. DevOps Equals Agile, Automation and Culture. https://marketplace-cdn.atlassian.com/s/public/devops-hero-1-87966cfbc9c5713ae047551c7b22985c.png
  • 9. Need Proof? Open = Disruptive innovation. 2004, BIG DATA: Google opens specs for Map Reduce. 2006, CLOUD: Amazon launches AWS based on Xen, Linux, Dynamo. 2007, NOSQL: First release of MongoDB. 2008, BLOCKCHAIN: Satoshi releases 0.1 of Bitcoin. 2009, NOSQL: Facebook contributes Cassandra to Apache. 2011, BIG DATA: Yahoo contributes Hadoop to Apache. 2015, MODERN DEV: Node.js joins the Linux Foundation. 2016, MACHINE LEARNING: Google open sources TensorFlow.
  • 10. So how can you shift left security successfully?
  • 11. How left can you go?; Shifting left the right tools; Who owns it?
  • 13. When is the optimal point to integrate security checks into the SDLC? PLAN, CODE, BUILD, DEPLOY, MAINT.
  • 14. Detecting Issues as Early as Possible Has Multiple Benefits. Coding: $80/Defect; Build: $240/Defect; QA & Security: $960/Defect; Production: $7,600/Defect. The cost of fixing security and quality issues is rising significantly, as the development cycle advances.
  • 15. 66% of companies have already implemented application testing during or even before the build stage. Survey question: In what stage of the SDLC do you spend most of your time implementing security measures?
  • 16. In what stage of the SDLC do you spend most of your time implementing security measures, by open source usage? The higher the usage of open source, the more likely developers are to implement application security tools.
  • 18. If the goal is to integrate security pre-build, then who should own application security in the organization? 72% of the respondents stated that the ownership over AppSec lies in the software development side. Chart values: 20%, 28%, 23%, 29%.
  • 19. Research shows organizations of all sizes are shifting their operational security to software development teams. Who owns security in your organization, by company size?
  • 20. Companies are investing in secure coding training more than ever before. 36% of developers say that their company provides them with security training that helps them code better.
  • 22. What are the “right” tools? Both teams need security tools, but in order to shift left security you need to empower your developers. Governance solutions: used by security teams and management to get full visibility and control over the security risks in their software. Developers tools: used by developers to remediate vulnerabilities.
  • 23. Each Have Different Requirements. Governance solutions: GOAL: visibility and control through automation; FEATURES: reports, prioritization and policy enforcement. Developers tools: GOAL: information on issues and remediation support; FEATURES: integration with dev tools, real-time alerts and remediation insights.
  • 24. How left can you go?; Shifting left the right tools; Who owns it?
  • 25. Vision for a Fintech Open Developer Platform. High Productivity Turnkey Developer Experience. Biz & Legal Peace Of Mind - We Do The Hard Part! SOFTWARE CONTRIBUTORS; SOFTWARE CONSUMERS. Hosted Platforms; Development Infrastructure; Collaboration Services. SYMPHONY (ReST API); SYMPHONY (Extension API); SYMPHONY (Integration webhooks); FINTECH OPEN DATA; FINTECH OPEN APIS; CLOUD OPEN APIS. CODE HOSTING: Github. CONTINUOUS INTEGRATION: Travis CI. CONTINUOUS DELIVERY: Openshift. RELEASE PUBLISHING: Maven central, NPM, NuGet. SECURITY, QUALITY, IP COMPLIANCE: Whitesource. WIKI; MAILING LISTS; WEB CONFERENCING; METRICS & REPORTING. Atlassian Confluence; Google Groups; WebEx; Bitergia. Future partnerships and contributions.
  • 26. Pull Request Made to a FINOS GitHub Repository (colineberhardt.github.io/cla-bot)
  • 27. CLA Bot Gives Real Time Licensing Feedback
  • 28. Building and Testing Triggered by Pull Request
  • 29. DevSecOps with Automated Vulnerability Testing ▪ Build if tests pass ▪ Alert if tests fail
  • 30. Real Time Dependency Vulnerability Testing
  • 31. Vulnerability Reporting at File Dependency Level
  • 32. Merging and K8 Deployment at Tests Passed
  • 33. Multi Language ODP Validation Tools Matrix (finos.org/odp/docs > Development Infrastructure > Code Validation)
  • 34. Following the Open Source Compliance Pattern. The functional components of an Open Source compliance toolchain produced by the Open Source Tooling group of the OpenChain Project.
  • 35. Openness Enables Thriving Ecosystems. THE OPEN PLATFORM: Community, Open Ecosystem. Value Line: NETWORK, CONTENT, APP. Value is in the ecosystem, Platform is just an enabler. Open Standards (Open API): PLATFORM VENDOR: Semi-Open Ecosystem, Lower CAC, Easy integration; END USER / INTEGRATOR: Reduced vendor lock-in, solutions reuse, influence via standards groups. Open Source: PLATFORM VENDOR: Fully Open Ecosystem, Focus on Core IP, cheaper Go-to-Market, broad talent pool, Community input / contributions; END USER / INTEGRATOR: No vendor lock-in, influence via contribution, lower overall software TCO, talent acquisition and retention, security by many eyeballs. Open Standards ensure high longevity for open source software. Open Source enables faster standard adoption and iterations. Finos.org