AI Content Chat (Beta) logo
Current Time 0:00
Duration -:-
Loaded: 0%
Stream Type LIVE
Remaining Time 0:00
 
1x
    • Chapters
    • descriptions off, selected
    • captions off, selected

      The State of Open Source in Financial Services

      FINOS

      Open Source

      Linux

      Marketing

      Interactive Content

      Report

      2022

      Financial Services

      in partnership with and The State of Open Source in Financial Services Hilary Carter, Linux Foundation Stephen Hendrick, Linux Foundation Cara Delia, Red Hat Philip Holleran, GitHub Tosha Ellison, FINOS Foreword by Gabriele Columbro, Colin Eberhardt, Scott Logic Executive Director, FINOS

      Contents Foreword .............................................................................................................................................. 3 Infographic: Open Source in Financial Services .......................................................................4 Executive summary ........................................................................................................................... 5 Introduction ......................................................................................................................................... 7 Scope of open source financial services activity ......................................................................8 Survey and interview findings ........................................................................................................11 Value proposition ................................................................................................................................................................ 11 Organizational Consumption.......................................................................................................................................... 16 Organizational Contribution ...........................................................................................................................................25 Leadership ............................................................................................................................................................................35 Opportunities ......................................................................................................................................................................40 Conclusions and actionable insights ..........................................................................................43 Increased focus on open source will improve security ......................................................................................... 43 Focus on the value proposition and moral imperative of open source .......................................................... 43 While many organizations are making great strides, far more need to follow their lead ........................44 Endnotes ............................................................................................................................................ 45 Methodology ....................................................................................................................................46 In-depth interviews ........................................................................................................................................................... 46 About the survey ............................................................................................................................................................... 46 Screening criteria ............................................................................................................................................................... 46 Year-over-year comparisons .......................................................................................................................................... 46 Resources ........................................................................................................................................... 47 Acknowledgments ...........................................................................................................................48 Disclaimer ..........................................................................................................................................48

      The State of Open Source in Financial Services - Page 2

      Foreword Since we published the inaugural State of Open Source in open community fall in place, with the wheels of innovation Financial Services report in October 2021, a wave of accel- spinning faster and faster in our ecosystem. eration in the adoption of open source has swept across the Fintech Open Source Foundation (FINOS) community and This anecdotal evidence made me even more curious about the financial services sector. Adoption not only in the sense of this year’s report, which is our very first opportunity to consumption of open source software, but the adoption of open quantify year-over-year growth of open source in the global collaboration and open governance as prime “coopetition” financial services and fintech landscape. I was very pleased models for all industry constituents to drive their objectives. In to see a significant increase in both the number of commits tandem, the industry has made great strides in addressing long- and the number of open source repositories financial services standing interoperability and innovation challenges. are actively engaged in, confirming that institutions are dras- tically investing in open source projects, and the perception During the last 12 months, more than 20 financial institu- of value continues to increase. These are only some of the tions—on the sell side and buy side, and across commercial headlines of what I think are a fantastic testament to the and retail banking—have established Open Source Program work and commitment across the financial services industry Offices (OSPOs), a fundamental pillar of mature corporate in general and the FINOS community in particular. engagement in open source best practices. In the wake of Having spent the last few years advocating for and evange- Log4Shell, we saw the financial services industry react lizing the industry on why and then how stakeholders should more swiftly and efficiently than any other industry to engage in open source, I can proudly and confidently say address a potentially massive vulnerability, and for good that open source in financial services is here to stay. I have reason, including amping up investments in global efforts, no doubt that it will continue to revolutionize this industry as such as OpenSSF, to secure our software supply chain. it has all other industries undergoing digital transformation. But it’s not just about financial institutions. In the last year, I want to close by thanking our survey partners and, more we also saw the rise of VC-backed commercial open source importantly, our amazing FINOS and Linux Foundation fintech startups like Moov or OpenBB, and even a16z, now contributors and members. Without their support, we would openly talking about fintech as the next industry that open not be witnessing the significance and proliferation of open source will disrupt. Even regulators across the world are source in this industry. To everyone else, there’s a huge now acutely aware of the fundamental role that open source opportunity ahead of us, so if you are not yet part of this plays in financial services and beyond and are increasingly movement, now is the time to join and contribute to the open to collaboration. Finally, established industry consortia creation of the next generation of financial technology. and SDOs are now also recognizing open source as the most viable option to drive real adoption for their stan- Gabriele Columbro dards. Unquestionably, 2022 was the year in which we saw all Executive Director the building blocks for an organic, growing, and sustainable Fintech Open Source Foundation (FINOS) THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 3

      Infographic: Open Source in Financial Services 87% of respondents GitHub repositories Fun and commits agree that with enjoyment open source from financial are still top is valuable to services reasons the future institutions of the respondents financial services are up 43% engage with open industry. over last year. source software. “Consuming open source software” Open source 56% agree that their and “using open source standards” consumption is organizations are were the top factors more value increasing encouraged in 48% getting of organizations productivity, , from open source with “inner source” almost double the number compared to 2021. from 2021. close behind. The ability for The number of financial Organizations with OSPOs financial services services organizations are just over twice as likely employees to prohibiting open to openly contribute to contribution encourage open source is down 70% consumption is up 75% (6% in 2022 from than those without. OSPO (20% in 20% in 2021). 2021 vs. 35% in 2022). 48% of respondents Organizations with >10,000 Organizations with OSPOs are employees have a greater three times strongly agreed that almost improving security breadth of open source more likely to is a top reason consumption, with openly encourage use in AI, ML, contribution their organization should data and analytics contribute to open source. than those without. OSPO This is up from 28% in 2021. coming out on top. Copyright © 2022 The Linux Foundation | December 2022. This report is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International Public License

      The State of Open Source in Financial Services - Page 4

      Executive summary Last year, we produced the inaugural State of Open Source known by most engineers—and even encouraging more in Financial Services research report, which set a baseline for contribution, particularly where there is an OSPO, or similar, the understanding of open source aspirations, consumption, in place. Over half (54%) of respondents shared that contrib- contribution, and leadership in the industry. Now, in our uting to open source improved the quality of the software second year, we report on those same elements with addi- they were currently using and identified improved quality, a tional insight into the changes during the last year. Further, better workplace, stronger security, and fulfilling moral obli- we highlight obstacles and challenges that individual orga- gations as the top reasons that their organizations should nizations, burgeoning communities, and the industry itself contribute to open source. Active participation in open face. Here is a distillation of the key findings. source is also cited as a key factor in recruiting and retaining IT talent. The industry is making more commits While it is challenging to capture an accurate snapshot of the Consumption is getting a lot of attention industry’s actual code contributions, for reasons discussed in The survey results show an overall positive sentiment the report, a like-for-like comparison between contributions toward open source, with 56% of respondents reporting in 2021 and 2022 from financial services shows significant that the value their organization derives from open source growth. This year, we found 41,277 repositories with financial consumption has increased in the last year. A total of 48% services committers, which is an increase of 43% compared of respondents also work in organizations that openly to last year's results. Commits also increased, albeit at a encourage open source consumption, which is a signif- slightly lower level. The repositories were quite diverse in icant improvement (+21%) on last year. This positive trend, nature, including test frameworks, developer tooling, user however, is not without challenges. Security is a clear and interface toolkits and infrastructure code. Just over half of ever-present concern, as is decision-making regarding the code within the financial services dataset we evaluated is which components to use, when to update, how to manage written in Java, compared to 11% in the entire GitHub corpus. license obligations, and more. It’s also clear that open source Financial services firms have been dedicated users of Java consumption policy needs to be better coupled with tooling, for decades, with the language long being considered the education, guidelines, and more to increase its effectiveness. de facto for “enterprise” development. Survey respondents ranked the need for investment in operational issues, such as legal, compliance, security, and Signs point to a greater appreciation tooling, higher than the need to focus on the overall “value of the value of open source proposition” and “leadership.” Data in the report indicates that financial services leaders (both business and technology) are now more fully grasping the benefits of consuming open source—something long THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 5

      Contribution could use more attention Leadership is essential, The report shows that although the open source contribution challenging, and nuanced story is positive, significant challenges remain, more so than In addition to work on policies, processes, and tooling, open for consumption. Despite the challenges, 38% of respondents source leaders in financial services must also deal with siloed reported being given more time to spend on open source workplaces, cultural differences, and potential misalignment contributions, and 64% of respondents stated that their orga- between “the business” and technology. The survey results nization maintains at least one open source project, with indicate that firms with an OSPO or visible open source one third maintaining between three and 10 projects. There leader, compared to those without, are better able to address has also been a positive shift in open source policies, with a these issues and far more likely to openly encourage both 75% increase (20% in 2021 vs. 35% in 2022) in contribution consumption (62% vs. 29%) and contribution (41% vs. 14%) permitted under some circumstances and a 70% decrease while having a significant positive impact on employees’ (6% in 2022 from 20% in 2020) in the percentage of firms perceptions of their organization’s engagement with open that do not permit contribution. Contribution to inner source source. Leadership is nuanced, however, and our analysis projects remains higher, with respondents spending almost suggests that while executive support is crucial, so too is a double the time contributing to inner source projects than to grassroots effort. third party projects or projects that their own organizations open source. On balance, the findings of this report reveal that while consumption remains hard, contribution is even harder. At the same time, there is an increased appetite to overcome barriers and a growing number of open source leaders in the industry to help achieve this. THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 6

      The State of Open Source in Financial Services - Page 6
      Current Time 0:00
      Duration -:-
      Loaded: 0%
      Stream Type LIVE
      Remaining Time 0:00
       
      1x
        • Chapters
        • descriptions off, selected
        • captions off, selected

          Introduction Open source software is ubiquitous across industries, and FINOS comprises more than 64 member organizations who financial services is no exception. While organizations join together to innovate on open source software, open actively engage in implementing open source technologies standards, and data technologies unique to the financial that are essential for day-to-day operations, on its own, open services sector, including in cloud services, financial desktop source strategy is under-heralded as a viable pathway to applications, and beyond. competitive advantage. At the same time, companies that dismiss open source as not competitively relevant do so to Once again, FINOS, in partnership with Linux Foundation their detriment. The opportunities that open source creates Research, launched a new study to understand the use for financial services organizations include lowering the total of open source among financial services organizations, cost of ownership of IT infrastructure, increasing the time to including banks, asset managers, and hedge funds. Working market for digital applications, and keeping a competitive with GitHub, Red Hat, and Scott Logic, this new empir- posture when it comes to talent recruitment and retention. ical research study was initiated with the goal of creating an industry-wide resource to be accessible by all financial For all the benefits that open source creates, financial services organizations to inform their open source strategy, services firms face unique obstacles that preclude more with comparisons to the inaugural study published in 2021 to fulsome participation in the space. In a similar fashion to show directional trends. the healthcare and public sectors, financial services orga- nizations are bound—for good reason—by strict regulatory This report explores and compares the current landscape frameworks, where the cost of noncompliance comes in the of open source consumption, contribution, leadership, and form of punitive fines and damaged corporate reputations. governance in the financial services sector, focusing on how Consequently, a cautious approach is often the order of the the industry has changed in a short amount of time. With day when it comes to managing innovation, where internal insights from subject matter experts at leading organiza- policies concerning open source contribution can often range tions across the sector, the report sheds light on the strategic from outright prohibitive, at worst, to restrictive, at best. opportunities and organizational benefits created by open source as well as the challenges unique to the industry. The Fintech Open Source Foundation (FINOS) exists to provide guidance in navigating regulatory imperatives while enabling parties to realize the benefits of open source collaboration. In addition, FINOS aims to create a path to sustainable innovation, accelerating collaboration among a networked community of competitors, who have come together to solve common challenges and pain points, while enjoying a host of benefits. THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 7

          The State of Open Source in Financial Services - Page 7

          Scope of open source financial services activity In this section, we explore the open source activities of This year, as shown in TABLE 1, we find 36,107 reposito- financial services organizations through publicly available ries with financial services committers, which is an increase GitHub data. It is challenging to capture the full extent of of 43% compared to last year's results. Elsewhere in this open source interactions because as we highlight elsewhere report, we highlight that contribution policies are shifting in this report, policies and restrictions often push developers toward a more favorable position. Contribution is more often to use their personal account when interacting with GitHub. permitted in 2022 (35% vs. 20%), with the increased activity However, despite these challenges, we observe interesting we observed within GitHub likely reflecting this positive patterns from the available data. policy change. We see a similar, yet more modest, increase in the total number of financial services personnel interacting GitHub provided the analysis in this section using a list of within GitHub. FINOS-supplied email domains of over 400 of the largest financial services institutions (by revenue and/or assets The goal of FINOS is to drive collaboration within the finan- under management) as well as those financial services orga- cial services industry. With that in mind, it is interesting to see nizations known to this group to be active or interested how often multiple financial institutions are active in a single in open source. Data was included for GitHub users who repository. Last year, we found that most projects in the made commits to any public repo with a primary email that dataset had contributors from only a single financial services matched an email domain in a FINOS-provided list or if the institution. This year, this figure has increased to 41 projects, user was a member of an organization that had a billing email with committers from more than one financial institution with a domain in that same list. compared with 24 last year. 1 2021 TABLE 1 GitHub repositories with a financial services email domain Unique repositories Total commits by Year with FinServ commits Unique FinServ users FinServ users 2022 36,107 8,552 535,974 1 2021 25,280 6,857 429,258 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 8

          If we instead look at collaboration on the individual level, there are 357 open source repositories in the dataset with two or more financial services committers (that may be from FIGURE 1 the same financial services institution). Some of the most A comparison of the most widely used active repositories in this dataset include: languages in financial services • jpmorganchase/uitk—a JPMorgan project that provides a suite of user interface (UI) components and a flexible theming system. • finos/kdb-studio—a FINOS-hosted project that provides 10% 20% 30% 40% 50% 55% an interactive environment for working with the KDB Java database. Go • todogroup/governance—a project relating to the JavaScript governance of TODO Group, a Linux Foundation Python organization that promotes open source best practices OCaml through OSPOs. C++ • man-group/arctic—a Man Group-hosted project that C# provides a high performance datastore for time series and TypeScript tick data Kotlin • finos/morphir-jvm—a FINOS-hosted project that provides C tools to work with the Morphir IR on/using the JVM. Scala • manulife-ets/dvna—Damn Vulnerable NodeJS Application Shell (DVNA), a NodeJS application to demonstrate OWASP Elm Top 10 Vulnerabilities, to aid testing and security research. 5% 10% 20% 30% 40% 50% The above are quite diverse in nature, test frameworks, devel- Projects with financial services committers oper tooling, UI toolkits, and infrastructure code. Notably, there are several FINOS-hosted projects among the most All GitHub projects active. The datasets also show alignment with the survey results, where respondents reported that their organizations were predominantly contributing to projects relating to web app development, cloud and containerization technologies, SOURCE: GITHUB, OCTOBER 2022 AI/ML, and CI/CD. THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 9

          For these 357 projects, we used the GitHub API to download entire GitHub corpus). Financial services firms have been a further metadata, allowing us to create a profile of the dedicated user of Java for decades, with the language long projects that financial services employees contribute to. being considered the de facto for “enterprise” development. The next most frequent language is Go, which is a surprising The GitHub API provides detailed statistics regarding result, as it isn’t often associated with financial services. the programming languages used in the development of open source projects, providing a lines-of-code count for GitHub has a mechanism for adding topics to repositories, individual languages. By summing this across the entire which are free-text input (it guides users toward existing dataset, we can see the most prevalent languages within topics where appropriate). We combined the topics for the the projects that financial services employees commit 357 projects in order to determine the most popular across to (which is a likely indication of the languages these the dataset. employees are using themselves). We can also compare this to the publicly available data for the entire GitHub corpus. The most popular topic is spring-boot, which relates to Spring Boot, a modern Java application development FIGURE 1 shows us that 51% of the code within the financial framework. The next most popular topics were all language services data set is written in Java (compared to 11% in the related; JavaScript, Python, and WebAssembly. FIGURE 2 The most popular topics added to financial services GitHub repos A T A B D U H T I A G I D V E T A R E N E G THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 10

          Survey and interview findings Value proposition differentiate the organization, nor does it provide an obvious There are several benefits to open source software, including competitive advantage. Unlike proprietary software, open increased agility and innovative technical capabilities. source technologies are customizable and scalable to adjust Through survey results and personal interviews with indi- and modify to the business’s needs. Starting a project from viduals in global financial institutions, we explore how scratch simply isn’t necessary when there are a wide variety respondents are motivated to leverage open source and of secure open source packages. how it impacts not only their technology, but also people and productivity while remaining secure and compliant. In In the words of one OSPO leader, “We're not going to differ- addition, we review aspirational opportunities in the open entiate ourselves in the marketplace by making a container 3 source journey. orchestration system.” However, many institutions need container orchestration tools to automate the deployment, MOTIVATORS networking, scaling, and management of containers. Open Financial institutions need to rapidly modernize their tech- source enables faster time to value if one is already shared in nology function to support the digital transformation of the open for all to use and modify through collaboration. both the front and back ends of their businesses. Enterprises are increasingly turning to open source technologies for Balancing out the consumption of open source software business-critical work involved in their digital transfor- for internal projects includes contributing to open source mation strategies. There are several benefits to open source by getting involved in upstream projects and communities. software, such as cost savings, increased agility, and inno- Contributing to open source software helps institutions to vative technical capabilities. understand that the foundational technologies for their busi- nesses are secure. An added benefit of contribution is the According to Gil Yehuda of U.S. Bank, “Open source has been ability to reduce technical debt by relying on publicly main- 2 He also says, “In general, strategic for the organization.” tained versions. some financial services organizations viewed technology as something you purchase versus a strategic component to The challenges that most organizations face aren't only tech- their business growth. We’re now seeing technology deci- nological. The problems can lie in how teams operate either sions as being strategic to business for more firms.” together or singularly. Structuring collaboration is a signif- icant step in organizing how innovation occurs around the More broadly, however, this tells us that financial services organization’s choice to leverage open source software leaders are starting to understand the benefits of consuming and its principles. This can be a challenge within siloed open source—especially when open source does not organizations. THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 11

          ORGANIZATION AND CULTURE By actively participating in open source, organiza- Market demands are pushing organizations to rethink some tions demonstrate that they invest in supporting talent. truly fundamental notions and in some cases, prompting them Organizations can also interact with potential hires in the to reconsider how they operate. Openness is becoming increas- project’s community and get a preview of how prospective ingly central to how groups and teams of all sizes are working candidates engage with others, leading to both better fits in together to achieve shared goals. FIGURE 3 shows that over half the hiring process, and aiding in talent retention. (54%) of respondents report that contributing to open source improved the quality of the software they are currently using. When asked how open source efforts fit into how their firm recruits and retains IT talent, one global technical architect Technology alone isn't enough to sufficiently tackle any set shared, “Talent recruitment is HUGE for us. We purposely of challenges. Doing the same things with different tools isn't publish our APIs to a lot of projects for contribution but also 4 an effective strategy for change. Another approach incorpo- for talent acquisition.” Another senior technologist shared rates people and practices within the platforms. a similar view: “Being part of the open source community is FIGURE 3 Organizational reasons for contributing to open source I feel my organization should contribute to open source in order to: Improve the overall quality of the open source software that they are currently using Be a more attractive place to work Improve security Fulfill its moral obligation Strongly disagree Somewhat disagree Neither agree nor disagree Somewhat agree Strongly agree 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q26, SAMPLE SIZE = 188-193, DKNS EXCLUDED THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 12

          particularly important for hiring. We want our staff to be part Recruiting and retaining qualified talent is a benefit of that community. It’s well understood that it has become an expressed by many of our interviewees when asked to essential element for hiring and retention.”5 evaluate the merits of employee contributions to open source. One engineer says, “Our ambition to be a big digital In FIGURE 4, respondents reveal how influential the following player isn’t going to be met if we can’t retain the right talent. factors are when considering contributing their time to OSS. Amongst many of the really good engineers there is a desire The majority (63%) identify the importance of learning and to contribute to open source for their own reward and recog- personal development. Half (50%) say that working with 6 nition but also that feeling of giving back.” peers has an influence on whether or not to contribute, followed by enjoyment and fun (47%) and improving career Organizations that are typically active in open source project opportunities (45%). communities recognize that the users or consumers of their FIGURE 4 Factors that influence contributions to open source How influential are the following factors when considering whether or not to contribute your personal time to OSS projects? Learning and personal development I enjoy working with my peers and the community Provides a sense of enjoyment and fun Improving my career opportunities A technology need wasn't being met elsewhere Responsibility toward open source Strongly disagree Somewhat disagree Neither agree nor disagree Somewhat agree Strongly agree 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q34, SAMPLE SIZE = 133-135, DKNS EXCLUDED THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 13

          The State of Open Source in Financial Services - Page 13

          firm’s technology stack, such as developers, engineers, and reliability, support, security, and a more predictable release architects, are stakeholders in the organization’s success. cadence. The challenge for leaders in financial services is Retaining these stakeholders and growing their skills is a key ensuring that they are taking full advantage of all the inno- opportunity to stay competitive in today’s market. vative potential of open source in a way that does not impede developers or put the organization at risk. This being said, as In thinking of your organization, how many are innovative, FIGURE 5 below shows, 77% of survey respondents report that engaged, and producing outcomes that were not previously contributing to open source software improves the security seen? of the projects they are working on (48% strongly agree, and 29% somewhat agree). SECURITY Financial institutions want the innovative benefits of open Due to regulatory, compliance, and security reasons, certain source without the risks—that is, with the promise of open source communities might not be the right place to FIGURE 5 Organizational reasons for contributing to open source I feel my organization should contribute to open source in order to: Improve the overall quality of the open source software that they are currently using Be a more attractive place to work Improve security Fulfill its moral obligation Strongly disagree Somewhat disagree Neither agree nor disagree Somewhat agree Strongly agree 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q26, SAMPLE SIZE = 188-193, DKNS EXCLUDED THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 14

          The State of Open Source in Financial Services - Page 14

          FIGURE 6 contribute or consume code. By creating an internal infra- How open source increases productivity structure using standard tools, policies, and processes, consumption and contribution becomes easier, more secure, Which of the following increases your productivity at work? and more compliant compared with the ad hoc approaches (check all that apply) Segmented by OSPO/Visible Leader to modernization and transformation that are being carried out in many institutions today. Using (consuming) ASPIRATIONS/OPPORTUNITIES open source software By licensing code in an open way and collaborating with industry peers to build it, there are communities of people all working toward the same goal. They are collaborating to Using open source build better solutions rather than working on individual or standards proprietary projects behind a wall. Everyone shares the same points of reference and shares in the success of the project Internal re-use of because work is transparent and accessible to all. code developed within your organization (inner source) We have discussed organizational approaches that aim to create more agile, innovative, and collaborative teams that act with purpose and generate value more quickly. It is not Collaboration with one size fits all; different organizations require different tech- industry peers niques such as an innersource development model. Contribution to Innersource uses open source software development best third-party open source practices and the establishment of an open source-like software/standards culture within organizations to develop non-open source and/or proprietary software. As one interviewee describes, Contribution, and open “We just launched our innersource program, and we have sourcing, of internally a few projects as inner source ready and created a process developed projects through a Jira intake."7 The connection between innersource, open source, and leadership is a meaningful one. As None FIGURE 6 shows, 61% of respondents shared that their inner source goals improved with a visible OSPO leader within their organization. Total OSPO/Visible Leader Neither OSPO/Visible Leader As organizations embrace open operating principles along- 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q36, side open source tooling, ensuring those goals are outlined in SAMPLE SIZE = 196, VALID CASES = 196, TOTAL MENTIONS = 6 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 15

          The State of Open Source in Financial Services - Page 15

          a coordinated, formalized corporate strategy or road map(s) • Open source consumption policy needs to work alongside FIGURE 7 presents, this year’s survey shows is important. As tooling, education, guidelines, and more to be effective. that 43% of respondents strongly agree, and 36% somewhat • Organizations have a surprising level of confidence in the agree that their organization's contribution to open source quality of the open source components they consume. would increase if it focused on the value proposition that open source holds for their organization. • Open source is used widely for a great variety of purposes. However, for the largest of organizations, its use Organizational Consumption in AI/ML and data and analytics, is most prominent. In this section, we focus on the consumption of open source • There is a wide range of motivating factors for increasing within organizations. This means the use or incorporation of open source consumption, which suggests that OSPOs open source code, components, and tools in the creation and and open source leaders need to exhibit equal breadth in operation of an organization’s digital products or services. their leadership. Here we find that: ORGANIZATIONAL POLICY ON • A total of 48% of respondents work in organizations that OPEN SOURCE CONSUMPTION openly encourage open source consumption, which is a The software industry has generally embraced open source, FIGURE 8 significant improvement (+21%) over last year. See with multiple reports indicating that open source has become below. 8 a dominant force. The recent Census II report from Linux FIGURE 7 Education as an influencing factor for increased contribution to OSS My organization's contribution to OSS would increase if it focused investment or effort on organization-wide education on the value proposition. 3% 3% 15% 36% 43% Strongly disagree Somewhat disagree Neither agree nor disagree Somewhat agree Strongly agree 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q28, SAMPLE SIZE = 191, DKNS EXCLUDED THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 16

          Foundation Research estimates that open source software constitutes 70 to 90% of any given modern software solution. FIGURE 8 In the words of one interviewee for this report, “It would be Comparison of the extent to which hard to find code today that does not have some dependency 9 open source consumption is permitted on open source.” at the respondents’ organization Notably, much of the infrastructure that public cloud vendors provide is itself open source; hence, by using the public What statement is closest to your current organization’s cloud, we are indirectly consuming open source code. policy on open source consumption? (select one) “ In engaging cloud service providers and vendors to give us things like a load balancer, a data store, a virtual Consumption machine, for example ... since they are running open is openly 48% encouraged source software, so are we.”10 27% The widespread use of open source is a positive result for the software industry, where both the community and enter- Consumption 41% prises benefit from the collaborative creation of shared value. is permitted However, it is not without challenges. Security is a clear and under limited ever-present concern, as is decision-making regarding which conditions 47% components to use, when to update, how to manage license obligations, and more. 3% The first step toward tackling these challenges is to have a Consumption is not permitted clear and effective policy relating to the consumption of open 17% source software and components. We explored organizational consumption policies, with the results shown in FIGURE 8. 8% As indicated in the above figure, this year’s research shows No clear policy that 48% of respondents work in organizations that openly 9% encourage open source consumption, which is a signifi- 2022 2021 cant increase compared with last year's results (27%). This is a very positive result for financial services, which has been slow to adopt open source compared with other industry sectors. However, there is still room for improvement. A 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q12, SAMPLE SIZE = 210 recent survey that spanned multiple sectors found that 57% 2021 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q21, SAMPLE SIZE = 111 of respondents work in organizations that openly encourage open source consumption.11 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 17

          Therefore, it is likely that the volume of consumption is breadth of dependencies is so large; there is no way to FIGURE 9 increasing, as is the value derived from open source. manage this without automation and a “group think” across shows that our survey reflects this overall positive sentiment, the entire ecosystem. The solution has to be part of the where 56% report that the value their organization derives Software Development Lifecycle, it has to be baked-in. 12 from open source has increased this year. Anything relying on manual intervention is destined to fail.” “ The value of open source is apparent and obvious due While open source has tremendous value, which policy and to its ubiquity. The difficulty is in expressing the value tooling can help organizations to unlock, it is not without of c ontribution.” —Executive director of a global bank risk. There have been a number of high-profile security inci- dents relating to critical open source components recently PUTTING POLICY INTO PRACTICE (e.g., Log4Shell), which have resulted in equally high profile Open source consumption is a complex process. A written initiatives to address these challenges. There has also policy, no matter how well formed, is simply not enough. A been an increased interest in the use of standards such whole range of other activities and artifacts must support it. as Software Bill of Materials (SBOMs) across the overall In our survey, we asked how organizations turn open source software supply chain, which is an acknowledgment that FIGURE 10 shows the results. both are becoming increasingly complex. The software policy into practice. supply chain was the topic of a recent White House briefing, We see a diverse set of responses across tooling, educa- which highlighted the critical role it plays in protecting a tion, formal processes, and guidelines. All these activities nation's cybersecurity. While it wasn’t mentioned explic- and artifacts play an important role. According to NatWest’s itly, the “supply chains'' that are being referenced will most Jonathan Haggarty, Head of Bank APIs Technology, “The certainly contain a lot of open source code. FIGURE 9 Comparison of the perceived change in the value organizations have derived from open source over the last year Over the last year, the value that your organization is deriving from open source consumption has: (select one) 2% 32% 56% 10% Decreased Stayed the same Increased Don’t know or not sure 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q16, SAMPLE SIZE = 210 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 18

          FIGURE 10 How organizations turn open source policy into practice How does your organization turn open source policy into practice? (check all that apply) Tooling (e.g., license checkers, 52% security scanning) Training and education 45% Evaluates open source before considering other alternatives 42% Manuals, guidelines or checklists 40% Formal review or documentation process 38% Engagement with specialist third parties 36% None of the above 7% 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q13, SAMPLE SIZE = 210, VALID CASES = 210, TOTAL MENTIONS = 547 CONSUMING WITH CONFIDENCE from those in managerial roles. Furthermore, the Sonatype FIGURE 11 shows the level of confidence respondents have study demonstrated this to be an overexpression of confi- in the open source components they consume. We find that dence, by revealing that the open source components some 69% of organizations overall are confident (either extremely people are confident in had known vulnerabilities. or somewhat) that the components they consume are main- tained and up to date. This is an increased level of confi- “ We leveraged the demographic data collected during dence compared with last year’s results (where only 19% were the survey and broke down the results by job title. The extremely confident versus 33% this year). findings were illuminating. There is an ongoing bias toward seeing things in a better light, in which managers This high and increasing level of confidence is quite surprising, report higher stages of maturity compared to what is especially considering recent events. We looked at how reported by other roles. Survey-wide, this discrepancy is responses to this question varied between technical and statistically significant when comparing IT managers and 13 FIGURE 11 shows, that 28% in tech- those working in information security roles.” nontechnical roles, and as nical roles are extremely confident (that components they consume are up to date and maintained), compared with 38% Counter to the confidence expressed by survey respondents, in nontechnical roles reporting the same. This finding echoes the interviews we conducted revealed a much more measured a recent report from Sonatype that uncovered a positive bias response. There is an ever-growing awareness of security, THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 19

          FIGURE 11 IN THEIR WORDS Organizational confidence in the open Financial services leaders on security source components they consume How confident are you that the open source components you “ Cybersecurity and supply chain are now top of mind in a use are maintained and up-to-date? (select one) segmented way they weren’t 20 years ago. Particularly as a regulated by: Which of the following most closely describes your role? entity, we have to be sure that we are secure.”15 33% “ We have tight inbound controls for open source Extremely confident 28% 38% consumption. We also focus on controls for software that is in production, which is vital for any organization with a 36% Somewhat confident 16 38% large legacy estate.” 35% “ We have had an increased involvement in OpenSSF, 20% Not very confident 24% attending meetings and helping to guide that project. It's 15% better for the world. It's for the greater good.”17 7% Not at all confident 9% “ In the first few hours of the Log4J, the vulnerability was 4% reported by someone from a major company, basically Total 5% saying, let us know when it's fixed. I would love to think I Don't know or not sure 1% Technical 8% Non-Technical could have been asking, ‘How can I help with this?’ rather than just ‘Tell me when it's fixed.’”18 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q14 X Q9, SAMPLE SIZE = 210 WHERE IS OPEN SOURCE USED? Open source consumption is occurring on a massive scale. According to Elspeth Minty, Managing Director at RBC supply chain issues, and the overall maintenance challenge Capital Markets, “Open source is used in some form in around of open source software. As a result, organizations, such as 90% of systems. If you include tooling around compilers and OpenSSF, are growing in membership and creating concrete 19 runtime and builds and deployment, it’s 100%.” Another plans to tackle these challenges. NatWest’s Haggarty states, leader who we spoke to detected around 35,000 different “Log4j will result in a sea change. People will think twice open source components, with 128,000 versions of those 14 about what this means—it is starting to knock confidence.” components. THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 20

          The survey explored where open source is used, with the top, as shown in FIGURE 13 below. Large organizations have results shown in FIGURE 12. More than half of the respondents vast quantities of data, often distributed across numerous are aware of their organizations using open source software silos. There is a tremendous amount of value “locked up” in for cloud/containerization, web application development, this data, hence the interest in open source tools that can CI/CD and DevOps, AI/ML and data and analytics. However, unlock the stored potential. it is likely that this is simply a reflection of the innovation happening in these particular fields, resulting in increased While it is impossible to list all of the open source projects visibility within the organization as a whole. used within financial services, several were frequently mentioned in our interviews and should likely be consid- We also find that larger organizations (more than 10,000 ered “core” open source projects. These include Java employees) have a greater breadth of open source consump- Spring, Spring Boot, React, Apache Kafka, and Apache tion, with its use in AI/ML, data, and analytics coming out on Cassandra. FIGURE 12 Types of open source software in use In which of the following areas does your organization use open source software? (check all that apply) Cloud/Container Technologies 60% Web & Application Development 58% CI/CD & DevOps 55% AI, ML, Data & Analytics 54% Cybersecurity 40% Linux Kernel 35% Blockchain 30% More than half of the Standards 27% respondents use Storage Technologies 26% OSS in these Networking & Edge 24% areas Open Hardware 15% Augmented/Virtual Reality 11% IoT & Embedded 10% Other (please specify) 2% 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Don’t know or not sure 6% Q15, SAMPLE SIZE = 210, VALID CASES = 210, TOTAL MENTIONS = 954 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 21

          FIGURE 13 Types of open source software in use by organization size In which of the following areas does your organization use open source software? (check all that apply) segmented by: How many employees the organization has worldwide Cloud/Container 50% Technologies 55% 67% Web & Application 62% Development 47% 66% 46% CI/CD & DevOps 46% 66% 38% AI, ML, Data & 47% Analytics 70% 38% Cybersecurity 42% 36% 35% Linux Kernel 30% 37% 23% Blockchain 34% 33% 15% Standards 21% 34% Storage 15% Technologies 33% 23% 23% Networking & Edge 26% 11-249 employees 23% 4% 250-9,999 employees Open Hardware 21% More than 10,000 employees 13% Augmented/ 19% Virtual Reality 15% 7% IoT & Embedded 4% 11% 11% Other (please specify) 12% 0% 0% 4% Don’t know or not sure 6% 6% 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q15 X Q7, SAMPLE SIZE = 209, VALID CASES = 209, TOTAL MENTIONS = 953 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 22

          CONSUMPTION OPPORTUNITIES Briefly exploring the specifics, the productivity benefits of AND CHALLENGES open source software are apparent. There is a great wealth Our survey explored a broad range of motivators, of quality open source software available for free. Modern challenges, and opportunities relating to open source software development is just as much about sourcing and consumption. We asked about the primary motivators assembling suitable components as it is writing new code for increased open source consumption, with the results from scratch. Building on solid open source foundations is FIGURE 14. The primary reason cited for increasing shown in clearly a much more productive way to create software and consumption is to improve productivity, although this was business value. by quite a slim margin, followed by “avoid vendor lock-in” and to make their organization an “attractive place to work,” Regarding vendor lock-in, an equivalent question in a survey with just 4% between the positive sentiment expressed for targeted at a cross-industry demographic within Europe these three answers. Notably, most of the answers had a showed that this was a leading motivation by a significant strong positive sentiment, indicating that there is a breadth margin (13% greater sentiment than the next highest). Vendor of positive reasons to adopt open source software. lock-in refers to the situation where you are essentially FIGURE 14 Motivating factors that increase the consumption of open source My organization should increase its consumption of OSS in order to: Improve productivity 1%3% 14% 31% 51% Avoid vendor lock-in 2%2% 16% 31% 49% Be a more attractive 1%2% 19% 31% 47% place to work Lower cost of ownership 2% 7% 19% 27% 46% Reduce time to market 2% 5% 18% 31% 45% Improve security 4% 9% 21% 24% 43% Strongly disagree Somewhat disagree Neither agree nor disagree Somewhat agree Strongly agree 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q17, SAMPLE SIZE = 199-203, DKNS EXCLUDED THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 23

          stuck using a particular product or service, regardless of the software. Our survey asked what investments respondent’s quality, because switching away is not practical. Open source organizations could make to clear some of these obstacles, is a mitigation for this risk, as its openness inherently creates with the results shown in FIGURE 15. The area that requires alternative provision routes and typically eases migration if most investment is “legal, compliance, and security,” closely switching. This is clearly less of a perceived risk within finan- followed by “tooling.” Interestingly, the need to invest cial services, perhaps a reflection of the strong “buying in the overall “value proposition” and “leadership” was power” these organizations have compared with smaller relatively low in comparison, which suggests that the chal- organizations in less tech-at-core sectors (e.g., public sector lenges are more operational than strategic in nature. The or education). industry still has a long way to go to make the collective vision of embracing open source a reality. From speaking There are several obstacles and challenges that affect with interviewees, the general sentiment is that open source an individual’s or team’s ability to consume open source consumption is still hard, but contribution is harder. FIGURE 15 Areas of investment that increase the consumption of open source My organization would increase OSS consumption if it focused investment or effort on: Improved policy or supporting 2% 6% 18% 34% 41% training and guidance An Open Source Program Office (OSPO), or clear and visible 1% 6% 21% 32% 40% leader for open source strategy Automated tooling 2%3% 19% 37% 40% to support policy Legal, compliance, or 1% 4% 15% 42% 38% security support A lack of understanding of the 3% 7% 22% 37% 30% nontechnical value proposition Paying for open source support 5% 10% 22% 35% 28% or using more commercial open source software Strongly disagree Somewhat disagree Neither agree nor disagree Somewhat agree Strongly agree 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q19, SAMPLE SIZE = 192-201, DKNS EXCLUDED THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 24

          Organizational Contribution As described in the previous section, the vast majority of financial institutions have a policy on open source consumption; however, successfully and robustly imple- IN THEIR WORDS menting those policies at scale is complex. When it comes to Financial services leaders contribution, it is even more complicated and can be quite on consumption prohibitive. “ Consumption for our organization is fairly For clarity, our survey and this report include a number of open. We track and validate against licenses different activities in the definition of open source contribu- we can contribute to. We track everything that tion. These are: we consume into our company repositories. • Sending any changes made to an open source project As long as it is a known license, then users can back to the original maintainers for inclusion into upcoming releases. download. This way we can track for potential • Submitting patches or pull requests to open source 20 vulnerabilities.” projects. “ Consumption is bifurcated. Dependency • Opening issues and taking part in online discussions relating to open source projects. requests through our internal repository is a fairly seamless SE scan, file, and exception. In this section, we look at open source contribution and find There are established policies around the following: licenses to use. There is clearance to use any • Financial services organizations face significant challenges contribution if it meets licensing requirements. to open source contribution and lag other industries. To put into production, not just used in a • Despite the challenges, 74% of respondents indicate sandbox, there is a technology selection that there are processes to release code outside their organization, and there has been a 75% increase (from process that goes to the review board.”21 20% in 2021 to 35% in 2022) in firms permitting open source contribution. • A total of 64% of respondents say their organization maintains at least one open source project, and 33% say they maintain between three and 10 projects. • Respondents spend almost double the time contributing THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 25

          to inner source projects than to third-party projects or They should identify training and resources available to projects that their own organizations open source. employees, clearly describe the requirements or restrictions, and lay the foundation for critical processes and tooling CHALLENGES TO OPEN SOURCE CONTRIBUTION that automate and simplify adherence to the policies. It is Financial institutions face significant challenges in enabling also essential to find the best and most efficient ways of and monitoring all types of contributions. It is important to promoting the policies themselves, which is no easy task understand these as we look at the highly regulated indus- given the large amount of information individuals receive try’s progress in increasing contributions to open source every day. projects and standards. While we are seeing an increase in the number of finan- As our 2021 report discusses, open source policies must cial institutions with contribution policies, there are still address legal, compliance, security, and intellectual property numerous factors impeding these organizations’ abilities to concerns while acting as enablers for their employees. FIGURE 16 shows, over make open source contributions. As FIGURE 16 Factors limiting an organization’s willingness to contribute to OSS My organization would increase OSS contribution if it focused investment or effort on: Legal or licensing concerns 6% 11% 14% 30% 39% A fear of leaking 7% 9% 15% 32% 36% intellectual property (IP) A lack of clear 6% 13% 17% 35% 29% return on investment A lack of policy 5% 8% 23% 37% 26% or training materials Technology constraints 8% 10% 26% 32% 24% and challenges Strongly disagree Somewhat disagree Neither agree nor disagree Somewhat agree Strongly agree 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q27, SAMPLE SIZE = 187-190, DKNS EXCLUDED THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 26

          half of respondents indicate that each factor presented poses a challenge. “Legal or licensing concerns” tops the chart, with “A fear of leaking intellectual property” a close second. One industry professional close to open source told us, FIGURE 17 “We've got a strong model around contribution for projects Steps to review code before it is we open source, as this was the original focus of our gover- released to external repositories nance activities/OSPO. We are working to make the process for contributing back to existing projects much easier; a key aspect of this is increasing automation in time-consuming & What are the steps that need to be reviewed before manually-intensive activities such as code/data loss preven- releasing the code? (check all that apply) 22 tion checks.” Quality checks A total of 63% of respondents also indicate that a “lack of and approvals 71% policy or training materials'' is problematic. Our discussions with subject matter experts reaffirm this and offer additional insight. According to one leader in a large bank, “Legal and Security review 68% clear policies matter, especially in regards to contribution. We are focused on ethics training in regard to code of conduct Legal/compliance and no collusion to protect the firm and its employees—espe- 61% 23 approval and sign-off cially developers (working in open source).” In another bank, there is “mandatory” training around open source, but The time spent even one of the organization’s open source advocates was contributing to open 27% unaware of this. This suggests that in some cases, policies do source is recorded exist but are unknown. Representatives from another invest- ment bank explained how they work to tackle this challenge Don’t know or not sure 16% by promoting their open source training offerings through multiple channels, including internal engineering sites, their human resources portal, engineering training sessions, news- letters, etc. They cannot, however, make it mandatory. 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q22, SAMPLE SIZE = 157, VALID CASES = 157, TOTAL MENTIONS = 382 While “technology constraints and challenges” did not top the list, we know from our interviews that this poses a real challenge to increased contribution. A total of 74% of respon- dents indicate that their organizations have processes to FIGURE 17 shows that these release code externally, and processes cover “quality checks & approvals,” “security THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 27

          review,” and “legal and compliance sign-off.” (There has been CONTRIBUTION IS BECOMING minimal change in these statistics compared to 2021.) We MORE ACCEPTABLE BUT IS STILL also know that these processes are generally manual and time NOT OPENLY ENCOURAGED consuming and that more automation is needed. Financial As reported in the previous section, there has been significant institutions commonly require engineers to obtain pre-ap- growth in openly encouraging open source consumption proval before making any external open source contributions, in the last year. As FIGURE 18 shows, there has also been a which can take weeks or even months. Some organizations positive shift in policies related to open source contribution, have policies that prohibit open source contribution from notably a 75% increase (20% in 2021 to 35% in 2022) in contri- work devices, although contribution may be allowed outside bution being permitted under some circumstances as well as of the workplace provided the open source project uses a a 70% decrease in the percentage of firms that do not permit license that meets established license requirements. contribution (6% in 2022 from 20% in 2021). FIGURE 18 Organizational policy on contributing to open source projects in 2022 and 2021 What statement is closest to your current organization’s policy on contributing to open source projects? (select one) No clear policy (allowed anytime 2021) 14% 15% Contribution is not permitted 6% (not allowed when work related 2021) 20% Contribution is permitted under some 35% conditions (permission based 2021) 20% Contribution is permitted if it is 15% required by the open source license 11% (job requires active participation 2021) 30% Contribution is openly encouraged 34% 2022 2021 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q20, SAMPLE SIZE = 203 2021 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q35, SAMPLE SIZE = 98 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 28

          We also compared financial services with other industries by value of open source, establishing policies, and working on looking at results from a recent survey that spanned multiple awareness, they are further behind in developing and imple- FIGURE 19) show that sectors. The numbers in that survey ( menting the requisite tools and processes that streamline financial services still lags behind other industries in openly open source contribution. As one individual close to open encouraging contribution. (This is the case despite there source at his organization told us, “We think it’s important being a slight difference in survey results, with 30% openly to be able to contribute to upstream projects. If you can’t encouraging contribution in our survey compared to 25% in patch, you may have to fork internally and then keep merging the cross-sector survey.) upstream changes and rebuilding, so it’s inefficient. It’s also the right thing to do and is consistent with our values. We still This finding is consistent with our assertion that although have work to do to make our processes more scalable, but we financial services firms are increasingly understanding the 24 see the value.” FIGURE 19 Variations in contribution policy based on the sector Contribute if it is Contributions Contribution is required by the open are not Don't know openly encouraged source licence No clear policy permitted or not sure Information Technology 61% 6% 25% 2% 6% Professional, Scientific, 58% 8% 24% 0% 12% and Technical Services Telecommunications 48% 22% 13% 7% 11% Public Sector 29% 3% 58% 3% 6% Education 28% 0% 67% 0% 5% Finance and Insurance 25% 4% 53% 6% 13% 2022 WORLD OF OPEN SOURCE: EUROPE SPOTLIGHT SURVEY, Q8 X Q20, SAMPLE SIZE = 760 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 29

          CONTRIBUTION IS INCREASING, This is a significant improvement and particularly interesting DESPITE THE CHALLENGES FIGURE 21 below when compared with the responses seen in Encouragingly, and despite the challenges, FIGURE 20 from the World Of Open Source: Europe Spotlight 2022 shows that organizations are making more time for open report, where we see a greater increase in time allotted for source contribution. A total of 38% of respondents told us contribution within financial services than across sectors in that in the last year, their organization has allocated more Europe. This points to increased focus on open source within time for them to contribute to open source. the financial services industry and sets the expectation that contribution will continue to increase across the industry. FIGURE 20 The change in time that organizations allocate to open source contribution Over the last year, the time and effort your organization has allocated for you to contribute to open source has: (select one) 5% 41% 38% 16% Decreased Stayed the same Increased Don’t know or not sure 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q24, SAMPLE SIZE = 198 FIGURE 21 Perceived changes in contribution effort over the last year at the respondent’s organization 4% 37% 29% 30% Decreased Stayed the same Increased Don’t know or not sure 2022 WORLD OF OPEN SOURCE: EUROPE SPOTLIGHT SURVEY, Q24, SAMPLE SIZE = 703 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 30

          FIGURE 22 Number of open source projects maintained How many open source projects does your company maintain? (select one) 0 19% 12% 64% of the 1 to 2 organizations 3 to 10 33% maintain at least 1 OSS More than 10 19% project Don’t know or not sure 18% 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q29, SAMPLE SIZE = 198 This year, we introduced a new survey question to learn more are more agile and able to implement the necessary policies, about organizational contribution, asking respondents how processes, and tools faster than larger companies. However, many open source projects their organizations maintained, large enterprises (10,000 employees or more) are signifi- with results shown in FIGURE 22. We see that most organi- cantly involved in opening an issue and contributing code to zations (64%) maintain at least one open source project, an open source project. with one third saying they maintain between three and 10 projects. While this may be low compared with other indus- In addition to how and how often respondents are contributing tries, it reflects the journey that the financial services industry to open source, we explored the areas in which their organi- is taking, with an increasing number of organizations moving zations are making open source contributions. Unsurprisingly, from consumption only to consumption and contribution. the responses, as FIGURE 24 shows, largely mirror the responses to the same question on open source consumption. As stated in the beginning of this section, contribution can One exception is that Linux Kernel is much higher up on the list FIGURE 23 reflects below. for consumption (36% of respondents cited using it) than it is take many forms, which for contribution. Kernel development is a very specialized field Evaluating this response by company size, we see that (developed in C/C++), and we showed earlier that financial smaller companies are making more contributions across all services organizations are primarily contributing to projects in types measured. This may indicate that smaller companies Java, JavaScript, Go, and Python. THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 31

          FIGURE 23 FIGURE 24 Types of open source contribution Areas of open source contribution On behalf of your organization, have you ever: (check all that apply) In which of the following areas does your organization segmented by: How many employees the organization has worldwide contribute to open source: (check all that apply) 65% Web & Application 35% Opened an issue on 89% Development an open source project 57% Cloud/Container 33% Technologies 69% AI, ML, Data & Analytics 26% Answered queries 54% relating to an open 56% CI/CD & DevOps 25% source project on an 57% online community (e.g., Cybersecurity 22% Stack Overflow, Reddit) 46% Blockchain 21% 49% Contributed code to an 56% Storage Technologies 18% open source project 43% Standards 18% 54% Open Hardware 15% 46% Helped with open 61% Augmented/ 10% source documentation Virtual Reality 44% 41% Networking & Edge 10% IoT & Embedded 8% 28% Contributed designs, 39% graphics or other Linux Kernel 8% non-code assets 33% 20% Other 6% Don’t know 25% Total 11 to249 employees or not sure 250 to 9,999 employees 10,000 or more employees 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q25 X Q7, SAMPLE SIZE = 198, 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q23, SAMPLE VALID CASES = 198, TOTAL MENTIONS = 400, NOTA EXCLUDED SIZE = 198, VALID CASES = 198, TOTAL MENTIONS = 552 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 32

          INNER SOURCE LEADS OVER OPEN FIGURE 25 shows the response to our question regarding work SOURCE CONTRIBUTION time spent on contributions to projects both within the respon- As mentioned in the beginning of the report, many organiza- dent's own organizations and external to their organizations. tions are focusing on inner source efforts. Especially for large organizations, inner source presents an opportunity to reap We can see that 71% of individuals reported spending some many of the widely touted open source benefits—innovation, time on inner source contributions compared with 51% who time-to-market, reduced total cost of ownership—internally spent time on projects their companies have open sourced without the same level of scrutiny and process required to and 50% on third-party projects. It’s also notable that in release code externally. each case, there is a percentage of individuals for whom FIGURE 25 Work time spent on inner source and open source projects Do you spend any time at work Do you spend any time at work Do you spend any time at work contributing to projects that are contributing to externally distributed contributing to third-party open managed by other teams within open source projects that your source projects (i.e. those where your your organization (i.e. inner source employer founded, adopted or employer has no commercial projects)? (select one) sponsors? (select one) relationship)? (select one) No 24% 44% 45% Yes, a few 30% 17% 23% hours a month Yes, a few 22% 15% 10% hours a week Yes, a few 9% 13% 8% days a week Yes, as a full 10% 6% 9% time assignment Don't know 5% 6% 6% or not sure 2022 FINOS STATE OF OSS IN FINANCIAL 2022 FINOS STATE OF OSS IN FINANCIAL 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q30, SAMPLE SIZE = 198 SERVICES SURVEY, Q31, SAMPLE SIZE = 198 SERVICES SURVEY, Q32, SAMPLE SIZE = 198 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 33

          contributing to projects managed by another team, or to and management of the code easier. In several other firms, open source projects themselves, is a full time assignment. there are dedicated inner source teams focused on making internal repositories more open and widely promoting code In our interviews, we learned of a variety of approaches to reuse across areas of the, often siloed, organizations. inner source. For example, in one large investment bank, they are beginning to encourage more inner source activities, but FIGURE 26 shows that respondents identified several areas there is no central push for this. That bank’s current focus for their organizations to focus their efforts on to increase is on internal collaboration around small components with contribution, demonstrating that there is no shortage of minimal dependencies, as this makes the overall collaboration improvements to make. FIGURE 26 How organizations can increase their level of open source contribution My organization's contribution to OSS would increase if it focused investment or effort on: Allocating employee time for 2%3% 15% 35% 44% open source contributions Organization-wide education 3%3% 15% 36% 43% on the value proposition Providing clearer 3%3% 20% 33% 41% policies to employees Funding open source projects 1% 5% 15% 39% 40% Open sourcing its own 5% 7% 15% 35% 38% products or internal tools Getting involved in industry or 1%4% 26% 36% 32% government policymaking Strongly disagree Somewhat disagree Neither agree nor disagree Somewhat agree Strongly agree 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q28, SAMPLE SIZE = 186-191, DKNS EXCLUDED THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 34

          Leadership In this section, we explore how different forms of leadership, FIGURE 27 from bottom up to top down, impact the perception and PRESENCE OF OSPOS OR REVIEW BOARDS success of open source in an organization. We also look at several challenges that leaders need to address. We find that: Do you have an Open Source Program Office • There has been a slight (16%) increase in the prevalence of (OSPO) or formal review board? OSPOs within financial services organizations. • Having an OSPO or visible leader has a significant positive Have OSPO or clear 51% OSS leadership impact on employees’ perception of their organizations as leaders in open source. Have OSPO 44% • Comparing organizations with OSPOs to those without, those with OSPOs are just over twice as likely to openly 2022 2021 encourage consumption and almost three times as likely to 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q9, SAMPLE SIZE = 249 openly encourage contribution. 2021 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q11, SAMPLE SIZE = 135 • While those in both business and technology roles influence open source in their organizations, technologists are viewed as slightly more influential. strongly agree or somewhat agree) with an OSPO believe that their firm is a leader in open source within the financial • Open source leadership is nuanced and requires leaders services compared with 22%, where there is neither an OSPO of all levels of seniority from individual developers nor visible OSS leadership. to executives to address such challenges as siloed workforces and cultural differences. Organizations with OSPOs also tend to have relatively senior open source leaders. FIGURE 29 shows that collectively, 73% OSPOS AND SENIOR OPEN SOURCE LEADERSHIP of organizations with an OSPO or visible OSS leadership are ARE BECOMING MORE PREVALENT led by C-, managing director-, executive director-, or direc- One critical way for an organization to show commitment tor-level staff. to open source and provide a visible form of leadership is to create an OSPO, ideally with one or more senior, visible OSPOS INCREASE CONSUMPTION leaders advocating for open source within their organization. AND CONTRIBUTION FIGURE 27 shows that the number of organizations with The most compelling findings related to having an OSPO OSPOs or clear leadership in 2022 has grown by 16%, from are the significant positive influence they have on encour- 44% with an OSPO in 2021 to 51% with an OSPO in 2022. aging both open source consumption and contribution within FIGURE 30 shows that organizations with a an organization. Having an OSPO in place has a positive impact on employees’ visible OS leader or OSPO (62%) are just over twice as likely FIGURE 28 perceptions of open source in their organizations. to have a policy openly encouraging consumption than those shows that 69% of respondents in organizations (those who without (29%). THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 35

          FIGURE 28 View of employer as an open source leader depending on the presence of an OSPO To what extent do you agree with the following statement: “My employer is a leader in open source” (select one) segmented by: OSPO/visible leader or neither OSPO/visible leader 9% 12% 9% 24% 45% Neither OSPO 26% 25% 27% 16% 6% or visible leader Strongly disagree Somewhat disagree Neither agree nor disagree Somewhat agree Strongly agree 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q8 X Q9, SAMPLE SIZE = 186-191, DKNS EXCLUDED FIGURE 29 FIGURE 30 Seniority level of open source Organizational policy on consuming open source leadership when an OSPO exists depending on the presence of an OSPO What level of seniority is your open source What statement is closest to your current organization’s policy on open leadership (individual leader, primary advocate, source consumption? (select one) segmented by: OSPO/visible leader or most senior member of OSPO)? (select one) for organizations with an OSPO/visible leader Consumption is 46% openly encouraged 62% C-Level 19% 29% Managing Director/SVP 15% Consumption is 40% permitted under 32% Executive Director/VP 18% limited conditions 49% Senior Enterprise Architect/ 6% 8% Chief Architect No clear policy 1% Director 21% 15% Manager/Team Lead 17% Consumption is 3% No identified leader 2% 4% not permitted 2% Other (please specify) 1% Total Don't know or not sure 2% Don’t know 3% OSPO/Visible Leader or not sure 2% 5% Neither OSPO/Visible Leader 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q10 X Q9 SAMPLE SIZE = 127 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q12 X Q9, SAMPLE SIZE = 210 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 36

          FIGURE 31 FIGURE 32 Organizational policy on contributing Time that organizations allocate to to open source projects depending employees for open source contribution on presence of an OSPO depending on the presence of an OSPO What statement is closest to your current organization’s Over the last year, the time and effort your organization policy on contributing to open source projects? has allocated for you to contribute to open source has: (select one) segmented by: OSPO/visible leader (select one) segmented by: OSPO/visible leader Contribution is 33% 38% permitted under 34% Increased 54% some conditions 31% 20% Contribution is 28% 41% 41% Stayed 37% openly encouraged 14% the same 47% Contribution is 14% permitted if it is 16% 5% required by the Decreased 5% open source license 13% 4% Total 13% 16% OSPO/Visible Leader No clear policy 2% Don’t know 5% Neither OSPO/ 26% or not sure 29% Visible Leader 6% Contribution is 6% 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q24 X Q9, SAMPLE SIZE = 198 not permitted 6% Total Don’t know 6% OSPO/Visible Leader 2% Gil Yehuda, Head of Open Source at U.S. Bank, “Policies tend or not sure 11% Neither OSPO/Visible Leader to be about things you can’t do, not about things you should do. They are designed to prevent bad things from happening, 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q20 X Q9, SAMPLE SIZE = 203 as opposed to enabling opportunity. We have an initiative to 25 create the opportunity to view technology more strategically.” FIGURE 31 shows similar results for contribution, where the Firms with a visible OS leader or OSPO are also much more presence of an OSPO almost triples the number of organiza- likely to allocate time for their employees to make open source FIGURE 32 shows that over half (54%) of respon- tions with policies that openly encourage contribution (41% contributions. compared with 14%). There is also a much higher awareness dents in organizations with an OSPO have been allocated more of there being policies in place. time for contribution in the last year compared with less than a quarter (20%) in organizations without OSPOs. Establishing This is unsurprising as organizations with OSPOs or visible open an OSPO or creating a leadership role for open source not only source leaders are more likely to consider open source as stra- signals a commitment to open source but also has a substantial tegic for their firms and an important enabler. According to positive impact on the firm's open source contributions. THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 37

          These results point to the importance of establishing a group LEADERSHIP IS NUANCED responsible for advancing policies and the implementation of Finally, we look at who influences open source in respondents’ those policies within a firm. It’s also important to understand FIGURE 33 shows that individuals in technology organizations. that establishing an OSPO is just the beginning and that roles have more influence than those in business roles, with those groups need to be structured, supported, and funded individuals, managers, and executives having similar levels of in a way that can lead to success. influence. This points to financial services organizations bene- fiting from both bottom-up and top-down influences. While As described by one bank open source leader, “OSPOs tend technologists are more influential, it is important to note that to operate through influence and ambassadorship across most respondents also recognized the influence of those in the organization. We have representation from legal, risk business functions. For open source to deliver to its potential, management, enterprise architecture, security teams, asset it’s essential for an organization to have both business and management, executive level, and engineers who all partic- technology leaders who recognize and promote its value. ipate. Each is involved in the decisions that directly impact 26 CONTINUED ON PAGE 40 their areas of work.” FIGURE 33 Individuals with influence over the direction of open source in their organizations To what extent do you agree/disagree over the direction of OSS in your organization? Individual contributors in technology 7% 7% 10% 28% 49% Executives in technology functions 3% 9% 14% 27% 48% Managers in technology functions 3% 7% 12% 37% 41% Executives in business functions 12% 6% 17% 30% 35% Individuals in business functions 12% 12% 20% 27% 29% Managers in business functions 13% 11% 16% 31% 28% Industry analyst firms 10% 11% 25% 27% 28% Management consulting firms 9% 13% 20% 31% 27% Strongly disagree Somewhat disagree Neither agree nor disagree Somewhat agree Strongly agree 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q11, SAMPLE SIZE = 224-243, DKNS EXCLUDED THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 38

          IN THEIR WORDS Financial services leaders on leadership challenges In our interviews, we heard numerous examples of the challenges that “ One of the challenges in defining an open source policy and open source leaders face within financial services organizations. Below implementing corresponding practices stems from differing are a few examples that illustrate common challenges: views on the level of risk that is acceptable. Getting to zero Cultural differences and silos are hard to navigate vulnerabilities is extremely difficult, so it’s important to factor One individual close to open source in their organization explained that in the potential impact of vulnerabilities when determining one of their biggest challenges is cultural: dealing with inertia, silos, and risk. It’s equally important to have senior management agree inter-team collaboration. He noted that it can be very difficult to stan- 28 dardize and formalize policies across different groups and departments to a policy that can be achieved at this level.” within the organization. Open source stakeholders may have different Bottom-up and top-down leadership both add value priorities, which compete for resources Bottom-up and top-down support are important. According to one interviewee: “ Appetite may vary based on business function; it can depend a lot on the actual managing director. For “ Our CTO and VP are keen on promoting emerging tech example, in commercial investment banking, it is seen utilizing a top-down approach but also with developer as massively important, where open source projects like ambassadors. This creates better top-down alignment. Rosetta can revolutionize regulation by code. But there This helps me and the OSPO make sure that the things we is not as much interest to invest in retail banking-focused do are embedded into our core business. It’s clear that the 29 27 OSPO’s job is to be aligned with the business.” projects.” In one bank we spoke with, the stakeholders for initiatives related to open Another interviewee described the bottom-up approach. They said: source consumption go all the way to the management board with signif- icant top-down support coming from the CTO. However, in that same “ When it comes to contribution, it is definitely a organization, the stakeholders focused on contribution work in another bottom-up push. We have engineers who really believe in department and don’t benefit from the same level of senior support. 3031 contributing to open source and have pushed it.” THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 3939

          Opportunities point to this trend continuing. As organizations continue to In the final section of the survey, we asked respondents to understand the value of open source, there is an opportunity identify the top opportunities open source holds for financial to reframe the strategic importance of technology. services. In this section, we report that: There is also an opportunity to improve existing policies and • There is overwhelming agreement that open source is processes. As one senior leader noted, “If there was tooling valuable to the future of the industry. that allowed us to plug into the same security scanning work- • More collaboration could improve open source policies, flows we use for external libraries, enabling the security processes, and tooling. controls to apply to any code going to open source before it goes public, that would go a long way in addressing concerns • The top areas in which the industry can benefit from open 32 that firms have about contributions.” Firms also need to source include digital identity, common workflows, and understand that policies, especially those which may have innovation. been written many years ago, need to undergo continuous • “AI, ML, Data and Analytics” was the most valuable updates. As technology evolves, organizations find them- technology for the future of financial services. selves with new audiences, more automation, and an ability to see the present through a lens that perhaps didn’t exist We’ve shown that efforts around both consumption and at the time of an open source policy’s initial creation. One contribution have grown in the last year, and all indicators leader close to open source in a bank explained that they FIGURE 34 Open source is valuable to the future of the financial services industry To what extent do you agree that open source is valuable to the future of the financial services industry? (select one) 4% 2% 8% 22% 65% Strongly disagree Somewhat disagree Neither agree nor disagree Somewhat agree Strongly agree 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q35, SAMPLE SIZE = 189, DKNS EXCLUDED THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 40

          focus on implementing processes that can handle changes in In terms of where open source can and should be applied tools since tools are likely to change, but processes tend to FIGURE 35 below shows within the financial services industry, stick around for a long time. There is a real opportunity here that opportunities abound, with no strong consensus on a for much more substantial industry collaboration to address single aspect of the industry. With an industry this large and policy, process, and tooling challenges. complex, we would expect a wide range of opportunities. FIGURE 35 Many aspects of the financial services industry would benefit from open source engagement Which aspects of financial services would most benefit from open source? (select up to three) Digital identity 31% Common workflows 28% (specific to financial services) Innovation 27% Industry standards 25% Cross-industry collaboration 22% Reducing operating costs 19% Improving productivity 18% Sharing of data/open data 17% Reducing product 16% development costs Regulation and legal compliance 16% System interoperability 16% Risk management 14% Transparency 12% Robotic process automation (RPA) 6% User experience 5% Other (please specify) 1% Don’t know or not sure 5% 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q38, SAMPLE SIZE = 196, VALID CASES = 196, TOTAL MENTIONS = 539 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 41

          Regarding which technologies respondents identified as One individual highlighted a focus area that has the potential FIGURE 36 shows that valuable to the future of financial services, to unlock progress across the board: “If there is an opportu- “AI, ML, and Data & Analytics” ranked top, which increased from nity to engage with regulators to agree what best practices its third-place ranking in 2021. Cybersecurity was the second look like for open source in financial services, this could help ranked technology in this year’s survey, which speaks to its unlock benefits for the entire industry.33” importance as an area requiring both attention and investment. FIGURE 36 Areas of open source identified as valuable to the future if financial services Which open source technologies do you feel are the most valuable to the future of financial services? (select up to three) AI, ML, Data & Analytics 47% Cybersecurity 36% Blockchain/Distributed ledger technology (DLT) 34% Cloud 33% Web & Application Development 29% CI/CD 20% DevOps 19% Linux Kernel 10% Open Hardware 8% Augmented/Virtual Reality 6% IoT & Embedded 6% Networking & Edge 6% Storage 6% Don’t know or not sure 6% 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q37, SAMPLE SIZE = 196, VALID CASES = 196, TOTAL MENTIONS = 519 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 42

          Conclusions and actionable insights Increased focus on open source “Understanding open source will improve security usage can really help drive the The financial services industry is undoubtedly increasing its open source engagement across a broad range of institu- 34 conversation on contribution.” tions, both large and small, but still lags behind other indus- tries. The positive trend is encouraging as borne out by the Focus on the value proposition and data in this report and recent industry activities such as ISDA’s (well-established industry standards body focused on deriva- moral imperative of open source tives) announcement to open source its Common Data Model Statistics shared in the report, including the increase in (CDM). As described in this report, the industry is a massive GitHub commits and a better number of financial institu- consumer of open source, and with open source security tions open sourcing their own code, point to growth in the receiving a high degree of attention and scrutiny across indus- open source community within financial services. We have tries, it is the right time for financial services organizations to additional evidence to support a growing community, such increase their budget for, and focus on, establishing policies as double the number of attendees joining a conference and implementing processes for both consumption and contri- dedicated to open source in financial services, a substantial bution. One industry professional explained that financial increase in FINOS membership, and a very large increase services tends to be quite restricted in what it allows and that year-on-year in downloads of financial services specific open this is inherent to the nature of the industry. It’s only a matter source projects hosted by FINOS. Another observation that of time before a pressing problem arises, and organizations struck the authors this year was a much stronger sense of find themselves unable to contribute a much-needed fix. moral obligation to contribute to open source than in previous years. Such statements as, “If you are leveraging a signif- Here are a few actions the industry can take: icant amount of open source, there’s definitely a responsibility • Engage in cross industry collaboration through there to contribute back. It’s not just for other people to do in 35 partnerships with foundations such as OpenSSF to their spare time.” were far more prevalent. However, that’s increase the understanding of open source. not to say that there still isn’t more work to do. • Implore more regulators (some are already making Here are a few suggestions to continue building the financial progress) to focus on supporting the industry’s open services open source community: source collaboration, and establish groups within their • Financial organizations with OSPOs (or looking to form organizations to focus solely on this. OSPOs) should commit one or more resources to join • Identify the open source libraries most commonly used collaborative efforts (including tooling and workflows) within the industry, and focus on enabling contributions to aimed at solving challenges the highly regulated those libraries. community faces around making contributions. THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 43

          • Organizations newer to open source should identify one Based on the survey findings, we suggest that organizations: or more individuals within their organizations to be open • Establish an OSPO with senior and visible leadership, and source advocates and allot time for them to participate in produce clear policies on consumption and contribution. open source community activities. • Individuals interested in open source or collaboration more • Widely and consistently promote awareness of open generally should dedicate some time to finding an open source policies. Consider mandating training on the source community working on a topic of interest to them. policies until open source is embedded within the culture of the organization. While many organizations are making great • Provide education on best practices in open source, strides, far more need to follow their lead license management, community building, etc. It is very encouraging that financial services organizations (Individuals, if your organization isn’t offering this are more openly supporting both consumption and contri- education, ask for it.) bution, allotting more time for individuals in their organiza- • Establish internal, cross-departmental forums for tions to participate in open source activities and recognizing individuals to share their open source experiences and the value of open source for talent attraction and retention. successes, helping to break down silos and retain talent. The increasing number of OSPOs and the positive sentiment toward open source within organizations is a good foun- Clearly, the financial services industry has plenty of dation to build upon. There are still challenges that must work ahead for it to realize the full value of open source. be addressed and a long path to reaching the open source Collaboration among industry competitors to create shared maturity of other industries, but there is an increasing benefits takes time, dedicated resources, a leadership vision, number of organizations taking the right steps to solve these. and a cultural environment primed for open source innova- tion. While a strong foundation exists, open source in the financial services is in its earliest days. This truth is perhaps best captured in the words of one industry leader, who states, “How we in the financial services industry work with our peers in open source project communities is a muscle that we still need time to develop.”36 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 44

          The State of Open Source in Financial Services - Page 44
          Current Time 0:00
          Duration -:-
          Loaded: 0%
          Stream Type LIVE
          Remaining Time 0:00
           
          1x
            • Chapters
            • descriptions off, selected
            • captions off, selected

              Endnotes 1 The 2021 The State of Open Source in Financial Services Report double- 19 Interview with Elspeth Minty, Managing Director, RBC Capital Markets, counted some repositories due to data processing errors, hence the values August 29, 2022 reflected in this report (for 2021) are lower than those in the previous report. 20 Interview with Technical Architect at multinational investment bank and 2 Interview with Gil Yehuda, Head of Open Source at U.S. Bank. May 27, 2022 financial services firm, Sept 8, 2022 3 Interview with OSPO leader at a prominent North America-based asset 21 Interview with Head of Open Source at a US financial services institution, manager. June 2, 2022 Sept 9, 2022 4 Interview with Technical Architect at multinational investment bank and 22 Interview with open source lead at global investment bank, September 29, financial services firm, Sept 8, 2022 2022. 5 Interview with Elspeth Minty, Managing Director, RBC Capital Markets, 23 Interview with Technical Architect at multinational investment bank and August 29, 2022 financial services firm, Sept 8, 2022 6 Interview with distinguished engineer, global bank, October 19, 2022 24 Interview with distinguished engineer, global bank, October 19, 2022. 7 Interview with Head of Open Source at a US financial services institution, 25 Interview with Gil Yehuda, Head of Open Source at U.S. Bank, May 27, Sept 9, 2022 2022. 8 Census II of Free and Open Source Software — Application Libraries, 26 Interview with Gil Yehuda, Head of Open Source at U.S. Bank, May 27, inuxfoundation.org/wp-content/uploads/LFResearch_Harvard_Census_ 2022. II.pdf 27 I nterview with Technical Architect at multinational investment bank and 9 Interview with OSPO leader at a prominent North America-based asset financial services firm, Sept 8, 2022 manager, June 2, 2022 28 Interview with Mark Hoare, Deutsche Bank, September 29, 2022. 10 Interview with OSPO leader at a prominent North America-based asset 29 Interview with Head of Open Source at a US financial services institution, manager, June 2, 2022 Sept 9, 2022 11 World of Open Source: Europe Spotlight 2022, www.linuxfoundation.org/ 30 Interview with Distinguished Engineer, global bank, October 19, 2022 research/world-of-open-source-europe-spotlight 31 Interview with Distinguished Engineer, global bank, October 19, 2022 12 Interview with Jonathan Haggarty, Head of Bank APIs Technology, Natwest. August 17, 2022. 32 Interview with Elspeth Minty, Managing Director, RBC Capital Markets, August 29, 2022 13 www.sonatype.com/state-of-the-software-supply-chain/software- supply-chain-maturity 33 Interview with Sally Ellard, Deutsche Bank, September 29, 2022. 14 Interview with Jonathan Haggarty, Head of Bank APIs Technology, 34 Interview with Mark Hoare, Deutsche Bank, September 29, 2022. NatWest. August 17, 2022. 35 Interview with Elspeth Minty, Managing Director, RBC Capital Markets, 15 Interview with Distinguished Engineer at a global bank, October 19, 2022 August 29, 2022 16 Interview with Distinguished Engineer at a global bank, October 19, 2022 36 Interview with OSPO leader from a prominent North America-based asset manager, June 2, 2022 17 Interview with OSPO leader from a prominent North America-based asset manager, June 2, 2022 18 Interview with Elspeth Minty, Managing Director, RBC Capital Markets, August 29, 2022 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 45

              Methodology This research report draws on survey data, by the Linux Foundation and FINOS. The survey • A respondent had to be somewhat familiar, industry data, and insights culminating from a was distributed and promoted across research very familiar, or extremely familiar with their series of qualitative interviews. Senior IT leaders partner social media channels, websites, news- organization’s approach to open source. fluent in open source technologies, communities, letters, and via direct email campaigns. The • A respondent had to answer the first and challenges were invited to share their insights. survey sample also included qualified responses content question after the screening and from a third-party panel provider. demographic questions. In-depth interviews The data from the 2021 study and this 2022 The margin of error for this sample size (N = Interviews were recorded so that transcripts survey are openly available on data.world. Like could be produced. Such transcripts were strictly 249) is +/- 5.2% with 90% confidence. last year, this 2022 survey primarily focused on controlled and used only for purposes of this both end-user organizations and fintech vendors. Year-over-year comparisons report. If a recording was not permitted, then End-user organizations are primarily consumers detailed notes were taken. Questions were also Comparisons were made between data collected of IT products and services, whereas fintech in 2021 and 2022, question and response design shared for completion via email. Unless quotes vendors are primarily producers of IT products were given explicit approval by the named indi- permitting. Respondents had to answer nearly and services. We made comparisons between all questions in the survey, so there are situa- viduals and/or their organizations, sources were 2021 and 2002 questions where possible. anonymized. tions when a respondent is unable to answer a Percentage values in charts may not add up to question because it is outside the scope of their About the survey 100% due to rounding. role or experience. For this reason, a “Don’t know or not sure” (DKNS) response was presented to From July 12 to September 21, 2022, FINOS and the respondent. The share of DKNS responses in its research partners fielded a worldwide survey Screening criteria a question influences the percentage values of of qualified individuals within (or providing The qualified sample size analyzed for the 2022 the remaining responses. Generally, we present services to) the financial services industry on survey was 249. This sample size reflects those the percentage of respondents who answer various questions related to organizational open respondents who passed various screening and DKNS as a valid response to each question. source consumption, contribution, opportunities, filtering criteria, including the following: and challenges. One exception is when we are performing • A respondent had to self-identify as a real year-over-year comparisons. Differences in the The quantitative survey was designed to engage person. percentage of DKNS responses between ques- key stakeholders at the intersection of open • A respondent had to be employed tions year over year will skew the comparative source and financial institutions, including full or part time. results. Therefore, when performing year-over- developers, IT leaders, executive manage- • A respondent had to be employed by the year comparisons, we exclude DKNS responses ment, security, legal, procurement, and human financial services industry or by a company and recalculate percentages so that we have a resources. This was combined with distillation that develops financial services focused normalized basis for comparing the remaining and benchmarking of previous work conducted technology (i.e., a fintech). percentage values. THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 46

              Resources Reports Projects • A Guide to Enterprise Open Source • FINOS Open Source Readiness Special interest Group • World of Open Source: Europe Spotlight 2022 • FINOS Inner Source Special Interest Group • 2021 State of Open Source in Financial Services Report • Open Source Project Catalogs (FINOS, Linux Foundation, • A Deep Dive into Open Source Program Offices: Apache Foundation, Eclipse Foundation) Structure, Roles, Responsibilities, and Challenges • A Guide to Open Source Software for Procurement Professionals Guides & Training • A Beginner’s Guide to Open Source Software Development (Free Training) • Using Open Source Code • Releasing Internal Code into a New Open Source Project • Marketing Open Source Code • Tools for Managing Open Source Programs • How to Create an Open Source Program Office • Open Source Program Office 101 (Free Training) • Fostering An Open Environment For Developers In A Regulated Industry (Webinar) THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 47

              Acknowledgments This report and the research behind it would not have been possible without the contributions of many individuals. Beginning with the research team partners, the authors wish to thank the entire FINOS and Linux Foundation teams, including Gabriele Columbro, Alena Davis, Michael Dolan, Jane Gavronsky, Aaron Griswold, Lawrence Hecht, Anna Hermansen, Noah Lehman, Win Morgan, Niamh Parker, Jason Perlow, Julia Ritter, Melissa Schmidt, Alexandra Stratigos, and Chip Stuart; Scott Logic team members Paul Dykes and Claire Cocks; and Philip Holleran from GitHub. Together, this group facilitated various aspects of the research, including survey design, survey distribution, data analysis, and dataset contributions, and supported interview outreach. We thank our partners from GitHub, Intel, Mend, Scott Logic, SUSE, Symphony, Tradeweb, and Wipro for helping to distribute the survey and all respondents who took the time to complete the survey. We are especially grateful to our interviewees, whose rich insights feature prominently throughout this report. Finally, thanks to all who continue to contribute to open source in the financial services industry. Disclaimer This report is provided “as is.” The Linux Foundation and its authors, contributors, and/or sponsors expressly disclaim any warranties (express, implied, or otherwise), including implied warranties of merchantability, non-infringement, fitness for a particular purpose, or title, related to this report. In no event will the Linux Foundation and its authors, contributors, and sponsors be liable to any other party for lost profits or any form of indirect, special, incidental, or consequential damages of any character from any causes of action of any kind with respect to this report, whether based on breach of contract, tort (including negligence), or otherwise, and whether or not they have been advised of the possibility of such damage. Sponsorship of the creation of this report does not constitute an endorsement of its findings by any of its sponsors This report has been updated since its original release on 12.15.22. This second version, released on 01.03.23, corrects errors found in the original text and graphics. THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 48

              FINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collabora- tive software development practices in financial services. It is a regulatory GitHub is the developer company. We make it easier for developers compliant platform at the center of open source, enabling the financial to be developers: to work together, solve challenging problems, and services industry to develop new technology projects and standards that have create the world’s most important technologies. We foster a collabora- a lasting impact on business operations. FINOS counts over 60 major financial tive community that can come together—as individuals and in teams—to institutions, fintechs, and technology consultancies as part of its membership. create the future of software and make a difference in the world. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. twitter.com/finosfoundation Red Hat is the world’s leading provider of enterprise open source solutions— www.linkedin.com/company/finosfoundation including Linux, cloud, container, and Kubernetes. We deliver hardened www.youtube.com/c/FINOS solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge. github.com/昀椀nos At Scott Logic, we love difficult. Our 300 U.K.-based consultants collaborate Founded in 2021, Linux Foundation Research explores the growing scale with some of the world’s biggest enterprises, providing a pragmatic approach to of open source collaboration, providing insight into emerging technology software development and delivering measurable value through insightful tech- trends, best practices, and the global impact of open source projects. nology advice. Our mission is to help our clients envision, design, build, and run the Through leveraging project databases and networks, and a commitment software applications that meet their needs and deliver the unique services their to best practices in quantitative and qualitative methodologies, Linux customers demand. Foundation Research is creating the go-to library for open source insights for the benefit of organizations the world over. twitter.com/linuxfoundation Copyright © 2022 FINOS facebook.com/TheLinuxFoundation This report is licensed under the Creative Commons linkedin.com/company/the-linux-foundation Attribution-NoDerivatives 4.0 International Public License. youtube.com/user/TheLinuxFoundation To reference this work, please cite as follows: Hilary Carter, Cara Delia, Tosha Ellison, Colin Eberhardt, Stephen Hendrick, Philip Holleran, “The 2022 State of Open Source in Financial Services,” foreword by Gabriele Columbro, The Linux Foundation, December 2022.