FinJS London 2016 - Leveraging open source in the dev. process to maximize security, compliance and quality

•Download as PPTX, PDF•

0 likes•392 views

FinJS London 2016 brings together thought leaders in the fintech, financial services and development spaces. The Foundation's presentation, titled "Leveraging open source in the development process to maximize security, compliance and quality," can be found here for your reference.

Technology

Leveraging open source in the dev
process to maximize security, compliance
& quality
December 7th, FinJS London
Maurizio Pillitu
Devops Director, Symphony Software Foundation
@maoo maoo@symphony.foundation

• Stewardship of Symphony open core
• Hosts Symphony community projects
• Fosters an open ecosystem
• Delivers Symphony as commercial
SaaS
• Supports Symphony open core
• Main contributor to the Symphony
Software Foundation (for now!)
Foundation & Corporation

https://www.blackducksoftware.com/2016-future-of-open-source
65%
Consumption
+5% from 2015
65%
Contribution
+2% from 2015
33%
Commitment
50%
Compliance
2016 - Future of is Open Source
Download, run, test, deploy
code publicly available (to
production?)
Open issues, send patches,
join mailing-list discussions
Commit dedicated
resources to Open
Source development
Define formal policies for
selecting and approving
Open Source code

Consumption Contribution
Your journey to Open Source
“Deliver enterprise-ready
software that adheres to
quality, security and legal
standards imposed by
highly-regulated industry”
“Navigate through the
OSS software offerings;
assess, test, run, then
choose”

Decomposing Compliance
Metrics and
KPIs
Metrics are defined across
3 macro areas; KPIs define
the way metrics are
measured
Measurement
and automation
Measurements are
(preferably automated)
processes that return KPI
values for each metric

Legal
IP cleanliness,
outbound license
consistency, ...
Security
CVE free, OWASP guidelines, ...
Quality
Project liveliness,
documentation, test
coverage, ...
Metrics examples
https://symphonyoss.atlassian.net/wiki

Metric trends for the past
and roadmap for the
future
Stats Docs
Which metrics are
checked and what’s the
current score
Badges
Project green lights
Publish clear instructions
to simplify consumption
Incubating Active Archived
Project Lifecycle

runtime
platform-specific
License compatibility
production
Measurements...
run

myget
Travis CI
Atlassian Cloud
Nodesecurity
… and automation

Advanced challenges
• Limits on hosted projects and/or collaborators
• API rate limits
• Custom metrics and measurements
• Hosted and SaaS hybrid build systems
• Secrets management
• Multi-platform and multi-ecosystem

Filling the gap
between
Compliance and
Consumption
Consumers
● Badges, stats and docs
● High quality, secure, compliant software
● Access to the community
Contributors
● Best of breed Infrastructure
● Metrics, KPIs and automation
● Exposure through the community

Questions?
Maurizio Pillitu
Devops Director, Symphony Software Foundation
@maoo maoo@symphony.foundation
● https://blog.symphony.foundation
● https://symphonyoss.atlassian.net/wiki
symphonyoss on

Learn what is the vision, mission and progress of the Symphony Software Foundation (http://symphony.foundation) and discover the benefits for your organization to join the Foundation. Help us build the most secure and compliant communications ecosystem on the Symphony (http://symphony.com) Platform, through Open-ness (as in Open API, Open Architecture, Open Source, Open Standard, Open Communication, Open Governance).

201704 - An Introduction to the Symphony Software Foundation

Symphony Software Foundation

June 22nd 2016 - Foundation State of the Union - London Meetup @ Red Deer

Symphony Software Foundation

Building the Open Developer Platform with OpenShift & WhiteSource

Open Source Strategy Forum

OSS has taken over the enterprise: The top five OSS trends of 2015

Rogue Wave Software

It’s everywhere. From your phone to the enterprise, open source software (OSS) is running far and wide. Gartner predicts that by 2016, 99 percent of Global 2000 enterprises will use open source in mission-critical software. While it’s free, easy to find, and pushes software to the market faster, it’s vital to understand how to use OSS safely. Join Richard Sherrard, director of product management at Rogue Wave, for a live webinar reviewing the top five OSS trends of 2015. From OSS discovery, to risk, and governance, we’ll take a deep dive into the trends we’ve noticed this year while providing you with some predictions for 2016. In this webinar you’ll learn how to: -Discover the OSS in your codebase to ensure that code is free of bugs, security vulnerabilities, and license conflicts -Implement controls on OSS usage at your organization -Create a multi-tier approach to OSS risk reduction with open source tools, static code analysis and dynamic analysis Watch the webinar recording now: https://www.brighttalk.com/webcast/12285/164531

The traditional means of innovating the mobile network has been through the thoughtful and consensus based efforts of technologists working in a standards setting environment. However, the maturation of the Internet as an app platform and the related rise of Internet-enabled device and service providers, esp on the Web, have helped renew a focus on innovation and differentiation. The development of 5G networks and the Internet of Things (IoT) will employ a process likely to be dominated by agile development of technology and platform prototypes often in open source, collaborative projects, which put a premium on "code first.â€ In March 2016, OMA launched an industry-wide survey to study attitudes and industry needs for better collaboration between the SDOs that build specifications, and Open Source communities that would like to use them. In this session, OMA will present the results.

20080602 Microsoft and Open Source

David Chou

Best DevOps Online and classroom training classes Naresh-IT

manoharjgpsolutions

✍️Enroll Now: https://bit.ly/3vQ61sb 👉Attend a Free Demo On 𝗗𝗲𝘃𝗢𝗽𝘀 𝗯𝘆 𝗠𝗿. 𝗥𝗮𝗵𝗮𝗺. 📅Demo on: 18th April @ 6:00 PM (IST). For More Details: 🌐Visit: https://nareshit.com/new-batches Call: +91-9000994007, 9000994008, 9121104164 | support@nareshit.com 📩Join us on Telegram: https://t.me/nareshit 📩Join us on WhatsApp: https://chat.whatsapp.com/EDRZrrTyPifEAeeHxXZqv0

Empowering Financial Institutions to Use Open Source With Confidence

WhiteSource

The days when financial institutions relied solemnly on proprietary code are over. Today, even the largest financial services firms have realized the benefits of using open source technology to build powerful, innovative applications at a reduced time-to-market. However, the financial services industry faces strict regulatory requirements that present it with a unique set of challenges, especially when it comes to open source usage (both consumption and contribution). FINOS is a non-profit organization whose purpose is to accelerate collaboration and innovation in financial services through the adoption of open source software, standards and best practices. Together with WhiteSource, they are able to provide a safe environment for developers to use open source components freely and fearlessly. Join FINOS and WhiteSource as they discuss: The challenges of open source usage The state of open source vulnerabilities management How FINOS uses WhiteSource to ensure the security and IP compliance of FINOS-produced open source software

WhiteSource and FINOS: Empowering Financial Institutions to use Open Source W...

DevOps.com

Cloud bees and forester open source is not enough

Jules Pierre-Louis

It’s the same everywhere you turn. Companies are trying to transform their digital experiences and increase customer engagement all while improving customer experience. This is giving rise to a whole new generation of modern applications that are built fast, scale out, are mobile-first and go global on public cloud infrastructure. Developers building modern applications depend on: - An evolving set of DevOps needs - Modern architectural principles - Pervasive use of open source frameworks and tools Forrester Analyst, Jeffrey Hammond, and CloudBees DevOps Evangelist, Brian Dawson, discussed how developers are meeting the demand for speed without blowing budgets. They shared the best practices they have seen companies use to take full advantage of open source tools and frameworks.

Why is Open Source Important to Samsung and What Are We Doing About It?

Samsung Open Source Group

GoOpen 2010: Sandro D'EliaFriprogsenteret

First openesb submit at brussels

Prabhu Pathak

Community is a Positive Sum Game, Gabriele Columbro

Symphony Software Foundation

Four Steps to Creating an Effective Open Source Policy

Black Duck by Synopsys

Software development organizations are using open source software at an unprecedented scale to build better software faster. Yet while the adoption of open source races ahead, the establishment of policies to govern its use lag far behind. According to Gartner Group, only a minority of IT organizations have established, open-source governance policies in place, and it predicts that by 2014, 50% of Global 2000 organizations will experience technology, cost and security challenges through lack of open-source governance. In this Webinar, Greg Olson, Senior Strategy Consultant with Olliance Group, a Black Duck company, will explain: --The four steps to create an open source policy --How to obtain ‘buy-in’ and support from key stakeholders --Best practices for rolling out an open source policy in your organization

InfoAxon Software Development Services

InfoAxon Technologies Limited

Enabling DevOps for enterprise

punedevscom

The Case for an Open Fintech Ecosystem, Aaron Williamson

Symphony Software Foundation

Webinar: Role of Open Source in the Digital Journey

WSO2

To watch recording of this webinar please use below URL: http://wso2.com/library/webinars/2016/07/role-of-open-source-in-the-digital-journey/ Digital sales will soon account for the majority of sales in any enterprise. Becoming digital is now a requirement and the transformation needs to be done right through a well-planned and phased approach that allows you to be agile, flexible and fast. Open source software provides unique advantages in this journey. The nature of open source allows you to be fearless, try out novel ideas, make mistakes and learn along the way. You can easily drop anything that doesn’t work and strive forward without losing any money on investing in it more. Once you succeed it also provides you with economies of scale. In this webinar Samisa will discuss the role of open source in your digital journey and how you can leverage its benefits to ensure that your journey leads you in the right direction.

Build your business on top of Open Source

Antonio Peric-Mazar

Strangers in a Strange Land, Open Source in Financial Services

Symphony Software Foundation

State of the Union, Gabriele Columbro

Symphony Software Foundation

Similar to FinJS London 2016 - Leveraging open source in the dev. process to maximize security, compliance and quality

FinDEVr New York 2017 - Deliver your OSS Symphony integration in minutes

Symphony Software Foundation

Establishing an Open Source Program Office

Lee Calcote

Symphony Software Foundation Current State and Roadmap

Symphony Software Foundation

Os Robboscon2007

Summit 16: Bridging Open Source & Open Standards - Oma Survey Results

OPNFV

20080602 Microsoft and Open Source

David Chou

Best DevOps Online and classroom training classes Naresh-IT

manoharjgpsolutions

Empowering Financial Institutions to Use Open Source With Confidence

WhiteSource

WhiteSource and FINOS: Empowering Financial Institutions to use Open Source W...

DevOps.com

Cloud bees and forester open source is not enough

Jules Pierre-Louis

Why is Open Source Important to Samsung and What Are We Doing About It?

Samsung Open Source Group

GoOpen 2010: Sandro D'EliaFriprogsenteret

First openesb submit at brussels

Prabhu Pathak

Community is a Positive Sum Game, Gabriele Columbro

Symphony Software Foundation

Four Steps to Creating an Effective Open Source Policy

Black Duck by Synopsys

InfoAxon Software Development Services

InfoAxon Technologies Limited

Enabling DevOps for enterprise

punedevscom

The Case for an Open Fintech Ecosystem, Aaron Williamson

Symphony Software Foundation

Webinar: Role of Open Source in the Digital Journey

WSO2

Build your business on top of Open Source

Antonio Peric-Mazar

Similar to FinJS London 2016 - Leveraging open source in the dev. process to maximize security, compliance and quality (20)

FinDEVr New York 2017 - Deliver your OSS Symphony integration in minutes

Establishing an Open Source Program Office

Symphony Software Foundation Current State and Roadmap

Os Robb

Summit 16: Bridging Open Source & Open Standards - Oma Survey Results

20080602 Microsoft and Open Source

Best DevOps Online and classroom training classes Naresh-IT

Empowering Financial Institutions to Use Open Source With Confidence

WhiteSource and FINOS: Empowering Financial Institutions to use Open Source W...

Cloud bees and forester open source is not enough

Why is Open Source Important to Samsung and What Are We Doing About It?

GoOpen 2010: Sandro D'Elia

First openesb submit at brussels

Community is a Positive Sum Game, Gabriele Columbro

Four Steps to Creating an Effective Open Source Policy

InfoAxon Software Development Services

Enabling DevOps for enterprise

The Case for an Open Fintech Ecosystem, Aaron Williamson

Webinar: Role of Open Source in the Digital Journey

Build your business on top of Open Source

Recently uploaded

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

ODC, Data Fabric and Architecture User Group

CatarinaPereira64715

PHP Frameworks: I want to break free (IPC Berlin 2024)

Ralf Eggert

In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development. This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.

Search and Society: Reimagining Information Access for Radical Futures

Bhaskar Mitra

The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Recently uploaded (20)

Key Trends Shaping the Future of Infrastructure.pdf

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Designing Great Products: The Power of Design and Leadership by Chief Designe...

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

How world-class product teams are winning in the AI era by CEO and Founder, P...

ODC, Data Fabric and Architecture User Group

PHP Frameworks: I want to break free (IPC Berlin 2024)

Search and Society: Reimagining Information Access for Radical Futures

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

Mission to Decommission: Importance of Decommissioning Products to Increase E...

When stars align: studies in data quality, knowledge graphs, and machine lear...

Leading Change strategies and insights for effective change management pdf 1.pdf

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

The Art of the Pitch: WordPress Relationships and Sales

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

FinJS London 2016 - Leveraging open source in the dev. process to maximize security, compliance and quality

1. Leveraging open source in the dev process to maximize security, compliance & quality December 7th, FinJS London Maurizio Pillitu Devops Director, Symphony Software Foundation @maoo maoo@symphony.foundation

2. What is Symphony

3. • Stewardship of Symphony open core • Hosts Symphony community projects • Fosters an open ecosystem • Delivers Symphony as commercial SaaS • Supports Symphony open core • Main contributor to the Symphony Software Foundation (for now!) Foundation & Corporation

4. https://www.blackducksoftware.com/2016-future-of-open-source 65% Consumption +5% from 2015 65% Contribution +2% from 2015 33% Commitment 50% Compliance 2016 - Future of is Open Source Download, run, test, deploy code publicly available (to production?) Open issues, send patches, join mailing-list discussions Commit dedicated resources to Open Source development Define formal policies for selecting and approving Open Source code

5. Consumption Contribution Your journey to Open Source “Deliver enterprise-ready software that adheres to quality, security and legal standards imposed by highly-regulated industry” “Navigate through the OSS software offerings; assess, test, run, then choose”

6. Decomposing Compliance Metrics and KPIs Metrics are defined across 3 macro areas; KPIs define the way metrics are measured Measurement and automation Measurements are (preferably automated) processes that return KPI values for each metric

7. Legal IP cleanliness, outbound license consistency, ... Security CVE free, OWASP guidelines, ... Quality Project liveliness, documentation, test coverage, ... Metrics examples https://symphonyoss.atlassian.net/wiki

8. Metric trends for the past and roadmap for the future Stats Docs Which metrics are checked and what’s the current score Badges Project green lights Publish clear instructions to simplify consumption Incubating Active Archived Project Lifecycle

9. runtime platform-specific License compatibility production Measurements... run

10. myget Travis CI Atlassian Cloud Nodesecurity … and automation

11. Advanced challenges • Limits on hosted projects and/or collaborators • API rate limits • Custom metrics and measurements • Hosted and SaaS hybrid build systems • Secrets management • Multi-platform and multi-ecosystem

12. Filling the gap between Compliance and Consumption Consumers ● Badges, stats and docs ● High quality, secure, compliant software ● Access to the community Contributors ● Best of breed Infrastructure ● Metrics, KPIs and automation ● Exposure through the community

13. Questions? Maurizio Pillitu Devops Director, Symphony Software Foundation @maoo maoo@symphony.foundation ● https://blog.symphony.foundation ● https://symphonyoss.atlassian.net/wiki symphonyoss on

FinJS London 2016 - Leveraging open source in the dev. process to maximize security, compliance and quality

Recommended

Recommended

More Related Content

Similar to FinJS London 2016 - Leveraging open source in the dev. process to maximize security, compliance and quality

Similar to FinJS London 2016 - Leveraging open source in the dev. process to maximize security, compliance and quality (20)

More from Symphony Software Foundation

More from Symphony Software Foundation (14)

Recently uploaded

Recently uploaded (20)

FinJS London 2016 - Leveraging open source in the dev. process to maximize security, compliance and quality