half of respondents indicate that each factor presented poses a challenge. “Legal or licensing concerns” tops the chart, with “A fear of leaking intellectual property” a close second. One industry professional close to open source told us, FIGURE 17 “We've got a strong model around contribution for projects Steps to review code before it is we open source, as this was the original focus of our gover- released to external repositories nance activities/OSPO. We are working to make the process for contributing back to existing projects much easier; a key aspect of this is increasing automation in time-consuming & What are the steps that need to be reviewed before manually-intensive activities such as code/data loss preven- releasing the code? (check all that apply) 22 tion checks.” Quality checks A total of 63% of respondents also indicate that a “lack of and approvals 71% policy or training materials'' is problematic. Our discussions with subject matter experts reaffirm this and offer additional insight. According to one leader in a large bank, “Legal and Security review 68% clear policies matter, especially in regards to contribution. We are focused on ethics training in regard to code of conduct Legal/compliance and no collusion to protect the firm and its employees—espe- 61% 23 approval and sign-off cially developers (working in open source).” In another bank, there is “mandatory” training around open source, but The time spent even one of the organization’s open source advocates was contributing to open 27% unaware of this. This suggests that in some cases, policies do source is recorded exist but are unknown. Representatives from another invest- ment bank explained how they work to tackle this challenge Don’t know or not sure 16% by promoting their open source training offerings through multiple channels, including internal engineering sites, their human resources portal, engineering training sessions, news- letters, etc. They cannot, however, make it mandatory. 2022 FINOS STATE OF OSS IN FINANCIAL SERVICES SURVEY, Q22, SAMPLE SIZE = 157, VALID CASES = 157, TOTAL MENTIONS = 382 While “technology constraints and challenges” did not top the list, we know from our interviews that this poses a real challenge to increased contribution. A total of 74% of respon- dents indicate that their organizations have processes to FIGURE 17 shows that these release code externally, and processes cover “quality checks & approvals,” “security THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 27