OSFFNY22
While Javier was familiar with Fintech Open-Source Foundation’s (FINOS) Executive Director, Gabriele Columbro, from an ApacheCon Fineract track panel they’d participated in a few years back, this was Javier’s first time attending the FINOS OSFF event. The turnout was impressive, with around 500 attendees including leading investment bank personas from J.P.Morgan, Citi, Fidelity, and Goldman Sachs as well as big tech companies such as Red Hat, GitHub, Wipro, SUSE and more. (For more information on FINOS members, go to https://www.finos.org/members).
FINOS
FINOS, the organization behind OSFFNY22, is a thriving community with members ranging from the biggest names you can think of to the brightest and biggest contributors of whom you may have never heard. FINOS is a nonprofit organization focused on leveraging OSS, setting standards, and establishing best practices to accelerate innovation in financial services.
The Log4Shell issue in 2021 involved a critical vulnerability that had been discovered, exposing millions of devices to the potential threat of remote attackers. Following Log4Shell, new regulations were passed by the US Government to help secure open-source software (OSS).The potential risk associated with a small piece of outdated or unmaintained code within many applications potentially leading to the generation of a loophole in infrastructure has also created opportunity and momentum in that space for companies who can help identify and resolve these issues.
With all modern software development now relying on OSS, how can organizations evaluate, identify, and correct any potential risks through maintenance, compliance, and correct usage?
Enter the power of the community and FINOS. FINOS has a framework to assess an organization’s OSS Maturity Model. It is a questionnaire that helps the organization evaluate how well it addresses the complexity and nuances of using open-source software from a strategy, management, and usage perspective.
OSS in modern software development
Open source is at the heart of modern software development. In fact, it would be nearly impossible to find software products today that do not rely on or incorporate OSS in some form, whether it’s massive databases, operating systems, or software development tools to name a few.
Large enterprises are cognizant of their role as responsible users of open-source in contributing back to and engaging with the open-source communities with which they are collaborating to ensure both the communities and the open-source projects on which they are focusing thrive.
Wait…are you in Finance or Tech?
The finance industry is reaching the tipping point of open-source massive adoption. Software products are now at the heart of financial institutions’ core deliverables. It is therefore no surprise that most financial institutions now have more developers than big tech companies. The adoption of OSS is rising across the tech stack, from infrastructure to business applications. Financial institutions are making the transformation from the “big safe” model of storing assets and being keepers to becoming enablers for customers to use their digital assets, much like electrical switches.
Introducing… OSPO!
While you may not have heard of OSPO, the Open-Source Program Office has been gaining traction, with 20 leading U.S. banks setting up their own OSPO this year alone. While the big tech companies have established OSPOs long ago, for example Google’s OSPO dating back to 2004, the trend is now visibly picking up speed in the U.S.
So, what is an OSPO? An Open-Source Program Office is the hub which controls the organization’s open-source operations. The OSPO manages the complexity of using OSS within the company’s development funnel.
OSPOs deal with a wide range of topics including the correct application of open-source, collaborations within the communities and contributing back to communities, the proper usage of licenses based on company policies, open-source project risk-management, OSS governance, maintenance, contribution, security, dependency, and quality levels, etc.
So what is the OSPOtential of it all?
While market leaders can more easily set up an OSPO within their organization, small and medium-sized enterprises (SME) cannot easily achieve this. These types of services provided by a third-party OSPO that offers guidance and mentoring as to the correct us of open-source software is invaluable to SME’s. As always, Fiter continues to identify the latest trends and needs of the market, staying ahead of the curve and offering its customers an advantage over competitors.