Supply Chains & SBOMs – The New Benchmarks for Open Source Integration

In this talk, PwC discusses the standardisation of Open Source compliance and security within the Financial Services sector. How can a basis of trust in Open Source be established, and how can that trust be demonstrated for one's own supply chain? What role do projects such as OpenChain, the OpenChain Security Assurance Guide, SBOM standards, Sigstore and SLSA, and also the distributors, have to play so that Open Source use becomes scalable, documentable and assessable?

Open Source can introduce new security gaps, attack vectors and licence compliance problems into software stacks. How should these be handled in a standardised way? In practice, internal criticality considerations decide whether and how licence compliance and security are actually practised: from licence compliance treated as optional, through damage-control strategies, to development security treated as optional because releases are rigid for technical reasons, there is always a reason not to look too closely. Concepts for securing Open Source and its downstream use are increasingly coming into focus, especially from a supply-chain perspective. The central question is: what must happen so that Open Source management no longer has to be custom-made every time?
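To make "documentable and assessable" concrete, the following is an added example, not code from the talk or from PwC: a minimal policy check that lets an internal criticality tier decide how strictly licence and provenance are enforced over a CycloneDX-format SBOM. The SBOM is constructed for the example, and the tier names, licence allowlists and hash/purl requirements are assumptions standing in for an organisation's own criticality model.

```python
"""Assess a CycloneDX-style SBOM against a criticality-tiered policy.

Added example, not from the talk. The SBOM below is constructed; the
tier names and licence allowlists are illustrative assumptions.
"""
import json

# Constructed sample SBOM using CycloneDX JSON field names
# (bomFormat, components[].purl, components[].licenses, components[].hashes).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}],
         "hashes": [{"alg": "SHA-256", "content": "a" * 64}]},
        {"type": "library", "name": "somegpl", "version": "1.0",
         "purl": "pkg:pypi/somegpl@1.0",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}],
         "hashes": [{"alg": "SHA-256", "content": "b" * 64}]},
        # Deliberately incomplete entry: no licence, no purl, no hash.
        {"type": "library", "name": "mystery", "version": "0.1"},
    ],
})

# Assumed internal policy: the more critical the consuming application,
# the stricter the checks. Tier names and allowlists are made up here.
POLICY = {
    "high": {"allowed_licenses": {"MIT", "Apache-2.0", "BSD-3-Clause"},
             "require_hash": True, "require_purl": True},
    "low": {"allowed_licenses": {"MIT", "Apache-2.0", "BSD-3-Clause",
                                 "GPL-3.0-only", "LGPL-3.0-only"},
            "require_hash": False, "require_purl": False},
}


def component_licenses(component):
    """Return the licence identifiers declared on a CycloneDX component.

    A CycloneDX 'licenses' entry is either {"license": {"id"|"name": ...}}
    or {"expression": "..."}. Expressions are returned verbatim so that the
    allowlist check flags them for manual review rather than parsing them.
    """
    ids = []
    for entry in component.get("licenses", []):
        if "expression" in entry:
            ids.append(entry["expression"])
            continue
        lic = entry.get("license", {})
        if "id" in lic:
            ids.append(lic["id"])
        elif "name" in lic:
            ids.append(lic["name"])
    return ids


def assess_sbom(sbom_json, tier):
    """Return a list of (component label, finding) tuples for the tier."""
    rules = POLICY[tier]
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX SBOM")
    findings = []
    for comp in sbom.get("components", []):
        label = f'{comp.get("name")}@{comp.get("version")}'
        licenses = component_licenses(comp)
        # A component with no licence at all is a compliance gap in any tier.
        if not licenses:
            findings.append((label, "no licence declared"))
        for lic in licenses:
            if lic not in rules["allowed_licenses"]:
                findings.append((label, f"licence {lic} not allowed for tier {tier}"))
        # Without a purl the component cannot be matched to advisories;
        # without a hash the artifact cannot be pinned or verified.
        if rules["require_purl"] and "purl" not in comp:
            findings.append((label, "no package URL (purl)"))
        if rules["require_hash"] and not comp.get("hashes"):
            findings.append((label, "no content hash"))
    return findings


if __name__ == "__main__":
    for tier in ("high", "low"):
        print(f"tier={tier}")
        for label, finding in assess_sbom(SAMPLE_SBOM, tier):
            print(f"  {label}: {finding}")
```

The point of the tiering is the one the abstract makes: the same SBOM passes a low-criticality policy with one finding (the undocumented component) and fails a high-criticality policy on four, so the decision about how closely to look is written down as policy rather than left to each team.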
