Therefore, it is likely that the volume of consumption is breadth of dependencies is so large; there is no way to FIGURE 9 increasing, as is the value derived from open source. manage this without automation and a “group think” across shows that our survey reflects this overall positive sentiment, the entire ecosystem. The solution has to be part of the where 56% report that the value their organization derives Software Development Lifecycle, it has to be baked-in. 12 from open source has increased this year. Anything relying on manual intervention is destined to fail.” “ The value of open source is apparent and obvious due While open source has tremendous value, which policy and to its ubiquity. The difficulty is in expressing the value tooling can help organizations to unlock, it is not without of c ontribution.” —Executive director of a global bank risk. There have been a number of high-profile security inci- dents relating to critical open source components recently PUTTING POLICY INTO PRACTICE (e.g., Log4Shell), which have resulted in equally high profile Open source consumption is a complex process. A written initiatives to address these challenges. There has also policy, no matter how well formed, is simply not enough. A been an increased interest in the use of standards such whole range of other activities and artifacts must support it. as Software Bill of Materials (SBOMs) across the overall In our survey, we asked how organizations turn open source software supply chain, which is an acknowledgment that FIGURE 10 shows the results. both are becoming increasingly complex. The software policy into practice. supply chain was the topic of a recent White House briefing, We see a diverse set of responses across tooling, educa- which highlighted the critical role it plays in protecting a tion, formal processes, and guidelines. All these activities nation's cybersecurity. While it wasn’t mentioned explic- and artifacts play an important role. According to NatWest’s itly, the “supply chains'' that are being referenced will most Jonathan Haggarty, Head of Bank APIs Technology, “The certainly contain a lot of open source code. FIGURE 9 Comparison of the perceived change in the value organizations have derived from open source over the last year Over the last year, the value that your organization is deriving from open source consumption has: (select one) 2% 32% 56% 10% Decreased Stayed the same Increased Don’t know or not sure 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q16, SAMPLE SIZE = 210 THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 18
The State of Open Source in Financial Services Page 17 Page 19