Managed open source takes the financial services industry beyond scanning and alerts

by Bridget Gleason
on November 19, 2019

Over the past few years, financial services companies have become some of the most forward-thinking contributors to open source ecosystems. They're sharing code, to be sure. But what’s truly new is that these businesses are opening up about how their work with community-led open source projects is core to the way they’re reimagining banking and financial services.

On November 20, we’ll be at Open Source Strategy Forum in New York, the annual event hosted by FINOS, the Fintech Open Source Foundation. Then Tidelift will be back in NYC on December 9 at Open FinTech Forum. Both events will bring together CTOs, CISOs, heads of development, devops engineers, and open source program office managers to exchange knowledge and best practices about using open source effectively.

Open source supports a culture of innovation 

At Tidelift, we’re seeing that open source is now the foundation on which financial services organizations are building a flexible, resilient technology infrastructure. It allows them to build applications rapidly and to create a culture of innovation. Thanks to open source, financial services organizations also have attracted some of the most talented software developers and engineers, who insist on using the open source components of their choice. 

A transformed infrastructure supports these developers as they build products that meet the evolving needs of the business and consumer customers of banks and other financial services institutions. Some of the drive to innovate is a byproduct of legislation like EU’s PSD2 and associated open banking initiatives, which spur competition and fuel fintech startups. 

Managed open source minimizes risk

As development teams build and pull more open source dependencies into their applications, they’re also attentive to complying with guidance such as FS-ISAC and FFIEC, which describe the responsibility banks and financial services firms have to quickly identify and remediate vulnerabilities in their technology.

Because financial services organizations operate in a regulated, consumer-facing industry, establishing and retaining trust is core to everything they do. When a security, licensing, or maintenance problem with an open source dependency affects one of their applications, the results can be visible and catastrophic, not just in dollar terms, but for the reputations of the execs involved. The Equifax breach, when the company failed to patch a known vulnerability in a web application, is a case in point. 

What’s changed since Equifax is that CTOs, CISOs, and heads of developer teams no longer get a pass from their customers, management, and peers—they have to take responsibility for what’s in their code. There’s a greater sense of urgency not only to identify problems, but to have an expert resource to fix issues when they occur. 

When they lack such a resource—when developers and devops pros are barraged with alerts offering no path to resolution—open source can deliver huge maintenance headaches. These eat into productivity, clog internal approval chains, and even impact applications in production.

Managed open source provides a way for these executives and their teams to save time and minimize exposure to risk when using open source components. It gives teams all of the same capabilities and assurances they require from commercial software for the key open source software components they depend on.

Tidelift works with maintainers to resolve issues for you

The Tidelift Subscription, a managed open source subscription, identifies all of the open source dependencies in an enterprise’s codebase and integrates with the tooling development and devops teams already use to help prevent problems with dependencies. Critically, the Tidelift Subscription works with the experts who know open source components the best—the project maintainers—to resolve issues when they occur.

The Tidelift Subscription also supports the processes financial services organizations use to stay in compliance with internal and industry guidelines. A few of the ways we align application development teams’ use of open source with each organization’s risk model include working directly with open source maintainers to provide package and version recommendations, guiding developers to select packages covered by preferred open source licenses, and indemnifying open source packages.

We’re excited to meet up at Open Source Strategy Forum and Open FinTech Forum to learn more about how application development teams are using open source, and to help them make it work even better. If you’ll be there as well, let us hear from you—we’d like to learn how you’re building and managing with open source.

https://tidelift.com/subscription/managed-open-source-survey