
Empowering Financial Institutions to Use Open Source With Confidence


The days when financial institutions relied solely on proprietary code are over. Today, even the largest financial services firms have realized the benefits of using open source technology to build powerful, innovative applications at a reduced time-to-market. However, the financial services industry faces strict regulatory requirements that present it with a unique set of challenges, especially when it comes to open source usage (both consumption and contribution).

FINOS is a non-profit organization whose purpose is to accelerate collaboration and innovation in financial services through the adoption of open source software, standards and best practices. Together with WhiteSource, they are able to provide a safe environment for developers to use open source components freely and fearlessly.

Join FINOS and WhiteSource as they discuss:

The challenges of open source usage
The state of open source vulnerabilities management
How FINOS uses WhiteSource to ensure the security and IP compliance of FINOS-produced open source software


Empowering Financial Institutions to Use Open Source With Confidence

  1. Empowering Financial Institutions to Use Open Source With Confidence. James McLeod, Director of Community, FINOS; Jeff Crum, Senior Director of Product Marketing, WhiteSource.
  2. “Financial services future will be open source and real time.” Chris Skinner (The Finanser). Photo & Quote: BBVA 2017. finos.org, Fintech Open Source Foundation.
  3. 355,508 commits by financial institutions; 44,996 repos from financial institutions; 24,751 committers from industry. Source:
  4. Open Source in Regulated Industries Is Not Easy. OSS VALUE (Why?): WHY OPEN SOURCE? Business Value of OSS Engagement; WHAT TO OPEN SOURCE? Identity “Value Line”, OSS Commercialization Tactics. OSS CHALLENGES (How?): LEGAL: Contribution Policy, CLAs, License; CULTURAL: Cultural, Community RoE; TECHNICAL: OSS Supply Chain, DevOps Workflow. DECISION MAKERS ENABLEMENT; LINE OF BUSINESS ENABLEMENT. HOW CAN FINOS HELP? Member Success initiative; Open Source Readiness Program; Open Developer Platform; World-Class OSS legal and Technical Experts.
  5. Traditional Solution Oriented Business Models: PRODUCTION, DISTRIBUTION, MARKETING, CONSUMER. In traditional business models, value creation is linear and one-way.
  6. A Linear Delivery Path with Increased Cycle Times. Stages: Development, Integration Test, Quality Testing, Security Testing, UAT & Route to Live; TESTS FAIL (×4). Waterfall follows a linear delivery path. Failure results in delay and long cycle times.
  7. Platforms Thrive in an Open Ecosystem. PLATFORM ECOSYSTEM. In platform business models, value creation is two-way and continuous. Logos are © and (™) of their respective owners.
  8. DevOps Equals Agile, Automation and Culture. https://marketplace-cdn.atlassian.com/s/public/devops-hero-1-87966cfbc9c5713ae047551c7b22985c.png
  9. Need Proof? Open = Disruptive innovation. 2004, BIG DATA: Google opens specs for Map Reduce. 2006, CLOUD: Amazon launches AWS based on Xen, Linux, Dynamo. 2007, NOSQL: First release of MongoDB. 2008, BLOCKCHAIN: Satoshi releases 0.1 of Bitcoin. 2009, NOSQL: Facebook contributes Cassandra to Apache. 2011, BIG DATA: Yahoo contributes Hadoop to Apache. 2015, MODERN DEV: Node.js joins the Linux Foundation. 2016, MACHINE LEARNING: Google open sources TensorFlow.
  10. So how can you shift left security successfully?
  11. Agenda: 1. How left can you go? 2. Who owns it? 3. Shifting left with the right tools.
  12. 1. How left can you go?
  13. When is the optimal point to integrate security checks into the SDLC? PLAN, CODE, BUILD, MAINT., DEPLOY.
  14. Detecting Issues as Early as Possible Has Multiple Benefits. Coding: $80/defect; Build: $240/defect; QA & Security: $960/defect; Production: $7,600/defect. The cost of fixing security and quality issues rises significantly as the development cycle advances.
  15. In what stage of the SDLC do you spend most of your time implementing security measures? 66% of companies have already implemented application testing during or even before the build stage.
  16. In what stage of the SDLC do you spend most of your time implementing security measures, by open source usage? The higher the open source usage, the more likely that developers implement application security tools.
  17. 2. Who owns it?
  18. If the goal is to integrate security pre-build, then who should own application security in the organization? 72% of the respondents stated that the ownership over AppSec lies in the software development side. (Chart values: 20%, 28%, 23%, 29%.)
  19. Who owns security in your organization, by company size? Research shows organizations of all sizes are shifting their operational security to software development teams.
  20. Companies are investing in secure coding training more than ever before. 36% of developers say that their company provides them with security training that helps them code better.
  21. 3. Shifting left with the right tools
  22. What are the “right” tools? Both teams need security tools, but in order to shift left security you need to empower your developers. Governance solutions: used by security teams and management to get full visibility and control over the security risks in their software. Developers tools: used by developers to remediate vulnerabilities.
  23. Each Have Different Requirements. Governance solutions: GOAL: visibility and control through automation; FEATURES: reports, prioritization and policy enforcement. Developers tools: GOAL: information on issues and remediation support; FEATURES: integration with dev tools, real-time alerts and remediation insights.
  24. Agenda: 1. How left can you go? 2. Who owns it? 3. Shifting left with the right tools.
  25. Vision for a Fintech Open Developer Platform. High Productivity Turnkey Developer Experience. Biz & Legal Peace Of Mind - We Do The Hard Part! SOFTWARE CONTRIBUTORS; SOFTWARE CONSUMERS. Hosted Platforms: SYMPHONY (ReST API), SYMPHONY (Extension API), SYMPHONY (Integration webhooks), FINTECH OPEN DATA, FINTECH OPEN APIS, CLOUD OPEN APIS. Development Infrastructure: CODE HOSTING: Github; CONTINUOUS INTEGRATION: Travis CI; CONTINUOUS DELIVERY: Openshift; RELEASE PUBLISHING: Maven central, NPM, NuGet; SECURITY, QUALITY, IP COMPLIANCE: Whitesource. Collaboration Services: WIKI: Atlassian Confluence; MAILING LISTS: Google Groups; WEB CONFERENCING: WebEx; METRICS & REPORTING: Bitergia. Future partnerships and contributions.
  26. Pull Request Made to a FINOS GitHub Repository. colineberhardt.github.io/cla-bot
  27. CLA Bot Gives Real Time Licensing Feedback
  28. Building and Testing Triggered by Pull Request
  29. DevSecOps with Automated Vulnerability Testing. Build if tests pass. Alert if tests fail.
  30. Real Time Dependency Vulnerability Testing
  31. Vulnerability Reporting at File Dependency Level
  32. Merging and K8 Deployment at Tests Passed
  33. Multi Language ODP Validation Tools Matrix. finos.org/odp/docs > Development Infrastructure > Code Validation
  34. Following the Open Source Compliance Pattern. The functional components of an Open Source compliance toolchain produced by the Open Source Tooling group of the OpenChain Project.
  35. Openness Enables Thriving Ecosystems. THE OPEN PLATFORM: Community, Open Ecosystem. Value Line: NETWORK, CONTENT, APP. Open Standards (Open API): PLATFORM VENDOR: Semi-Open Ecosystem, Lower CAC, Easy integration; END USER / INTEGRATOR: Reduced vendor lock-in, solutions reuse, influence via standards groups. Open Source: PLATFORM VENDOR: Fully Open Ecosystem, Focus on Core IP, cheaper Go-to-Market, broad talent pool, Community input / contributions; END USER / INTEGRATOR: No vendor lock-in, influence via contribution, lower overall software TCO, talent acquisition and retention, security by many eyeballs. Value is in the ecosystem, Platform is just an enabler. Open Standards ensure high longevity for open source software. Open Source enables faster standard adoption and iterations. Finos.org
  36. Q&A
