Conclusions and actionable insights Increased focus on open source “Understanding open source will improve security usage can really help drive the The financial services industry is undoubtedly increasing its open source engagement across a broad range of institu- 34 conversation on contribution.” tions, both large and small, but still lags behind other indus- tries. The positive trend is encouraging as borne out by the Focus on the value proposition and data in this report and recent industry activities such as ISDA’s (well-established industry standards body focused on deriva- moral imperative of open source tives) announcement to open source its Common Data Model Statistics shared in the report, including the increase in (CDM). As described in this report, the industry is a massive GitHub commits and a better number of financial institu- consumer of open source, and with open source security tions open sourcing their own code, point to growth in the receiving a high degree of attention and scrutiny across indus- open source community within financial services. We have tries, it is the right time for financial services organizations to additional evidence to support a growing community, such increase their budget for, and focus on, establishing policies as double the number of attendees joining a conference and implementing processes for both consumption and contri- dedicated to open source in financial services, a substantial bution. One industry professional explained that financial increase in FINOS membership, and a very large increase services tends to be quite restricted in what it allows and that year-on-year in downloads of financial services specific open this is inherent to the nature of the industry. It’s only a matter source projects hosted by FINOS. Another observation that of time before a pressing problem arises, and organizations struck the authors this year was a much stronger sense of find themselves unable to contribute a much-needed fix. moral obligation to contribute to open source than in previous years. Such statements as, “If you are leveraging a signif- Here are a few actions the industry can take: icant amount of open source, there’s definitely a responsibility • Engage in cross industry collaboration through there to contribute back. It’s not just for other people to do in 35 partnerships with foundations such as OpenSSF to their spare time.” were far more prevalent. However, that’s increase the understanding of open source. not to say that there still isn’t more work to do. • Implore more regulators (some are already making Here are a few suggestions to continue building the financial progress) to focus on supporting the industry’s open services open source community: source collaboration, and establish groups within their • Financial organizations with OSPOs (or looking to form organizations to focus solely on this. OSPOs) should commit one or more resources to join • Identify the open source libraries most commonly used collaborative efforts (including tooling and workflows) within the industry, and focus on enabling contributions to aimed at solving challenges the highly regulated those libraries. community faces around making contributions. THE 2022 STATE OF OPEN SOURCE IN FINANCIAL SERVICES 43
The State of Open Source in Financial Services Page 42 Page 44