Organizational Contribution As described in the previous section, the vast majority of financial institutions have a policy on open source consumption; however, successfully and robustly imple- IN THEIR WORDS menting those policies at scale is complex. When it comes to Financial services leaders contribution, it is even more complicated and can be quite on consumption prohibitive. “ Consumption for our organization is fairly For clarity, our survey and this report include a number of open. We track and validate against licenses different activities in the definition of open source contribu- we can contribute to. We track everything that tion. These are: we consume into our company repositories. • Sending any changes made to an open source project As long as it is a known license, then users can back to the original maintainers for inclusion into upcoming releases. download. This way we can track for potential • Submitting patches or pull requests to open source 20 vulnerabilities.” projects. “ Consumption is bifurcated. Dependency • Opening issues and taking part in online discussions relating to open source projects. requests through our internal repository is a fairly seamless SE scan, file, and exception. In this section, we look at open source contribution and find There are established policies around the following: licenses to use. There is clearance to use any • Financial services organizations face significant challenges contribution if it meets licensing requirements. to open source contribution and lag other industries. To put into production, not just used in a • Despite the challenges, 74% of respondents indicate sandbox, there is a technology selection that there are processes to release code outside their organization, and there has been a 75% increase (from process that goes to the review board.”21 20% in 2021 to 35% in 2022) in firms permitting open source contribution. • A total of 64% of respondents say their organization maintains at least one open source project, and 33% say they maintain between three and 10 projects. • Respondents spend almost double the time contributing THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 25