The 2024 State of Open Source in Financial Services
Fintech Open Source Foundation (FINOS) in partnership with
September 2024

Hilary Carter, Linux Foundation
Cara Delia, Red Hat
Tosha Ellison, FINOS
Colin Eberhardt, Scott Logic
Adrienn Lawson, Linux Foundation
Foreword by Gabriele Columbro, Linux Foundation

Contents
Foreword
Infographics
Executive summary
Introduction
Scope of open source financial services activity: GitHub data analysis
Survey and interview findings
Open source maturity
Consumption and contribution policies, processes, and tooling
Community Leadership and OSPOs
Value of open source
Value of Foundations
Cross-industry collaboration
Strategic priorities
Artificial Intelligence
Cloud
Cybersecurity
Conclusions and actionable insights
Methodology
Screening criteria
Year-over-year comparisons
Demographics
Resources
Acknowledgments

Foreword

With the GenAI revolution in full swing, it's hard not to overstate what a truly momentous year it has been for technology and for open source. For one, the intersection of open source and AI is at the very center of highly consequential debates among industry and policy leaders for the huge impacts it's bound to have on the world's economy, geopolitical balances, and civil society.

So, with this fourth edition of the State of Open Source in Financial Services report, not only is it immensely gratifying to once again witness the growth of engagement financial services institutions continue to have in our community and in open source at large, but it's incredibly encouraging to see the maturity of numerous stakeholders who, by way of their leadership and their engagement in our community, are enabling the industry to think of open source as a powerful vehicle to create new markets and opportunities, and furthermore address higher order challenges, like climate and sustainability aligned investing.

While in so many ways we feel we're just getting started, given the sheer amount of financial technology ripe for commoditization, with the FINOS community firing on all cylinders it's hard not to feel excited about what the future holds for open source in financial services. That's really what this research report validates: the value we're collectively creating is now fully recognized and enables us to go after bigger and bolder objectives.

Although our research doesn't measure membership growth, it's a worthy piece of data to share as a means to contextualize this study's findings. Today, the FINOS membership stands at 95 members strong, a twenty percent year over year growth. But it's not just about the numbers, it's about a community that is now truly cross-industry as buy-side, sell-side, and everything in between (from exchanges to clearing houses, from CSPs to technology vendors, from consulting companies to established industry bodies) are flocking to support our efforts.

While membership growth and retention is a great proxy for value, it is our open source and open standard projects, and the value that they create for the financial services industry, that we as a community are ultimately measured on. FDC3's spike in adoption is ushering in a new era of industry connectivity, while the Common Domain Model provides a lingua franca for the industry, data, a necessary prerequisite for any advanced AI system. All of this while projects like GitProxy continue to deliver on our mission of Open Source Readiness, removing frictions for developers across the industry, allowing them to be first class citizens in open source while knowing that they are adhering to regulatory compliance requirements.

While we often focus on the impact of open source code (and these trends are truly inspiring on their own terms, with 86% of survey respondents reporting that OSS delivers business value to their organization) perhaps the unheralded value for participants in the FINOS community is derived from the communities of practice that have emerged around our projects, particularly through our special interest groups (SIGs). OpenRegTech enables our community to collectively interpret technology and financial regulations and create open source tools which every firm can leverage to reduce the cost of compliance. Drawing on the yearslong experience of the Open Source Readiness SIG, the AI Readiness SIG has garnered a groundswell of support allowing it to build consensus on governance frameworks for the adoption of GenAI in the industry, the byproduct being that our community is able to efficiently collaborate on precompetitive AI technology in the open.

And I would be remiss not to acknowledge the new knowledge network that has formed around FINOS research, manifested right here in this report, and the reports preceding it. Once again, we have only been able to share these insights because of the contributions of so many of our community members who joined us in designing this year's study, distributing and taking the survey, contributing qualitative interviews and datasets, and, notably, contributing to the report as co-authors. To you, who so critically inform the direction of our community based on objective measurement of our impact, and to all who believe in this vision and engage tirelessly in open source in financial services, I am truly grateful and humbled by your participation.

So, as you dig in this report, if there's one thing I wish you would take away, it's the following: we've made huge progress which is now widely understood and has firmly set us on the path of exponential growth. Now it's time for this beautiful innovation engine that you created to push boundaries even further and drive even greater impact. Whether you represent an
institution or contribute in an individual capacity, the opportunity is here for the taking and you have a chance to shape what the next generation of financial technology looks like. Together, in the open.

Gabriele Columbro
Executive Director, FINOS
General Manager, Linux Foundation Europe

The 2024 State of Open Source in Financial Services
Copyright 2024 The Linux Foundation | September 2024. This report is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International Public License

88% of respondents say that using OSS improves software quality in their organization.
84% of respondents agree that using OSS delivers business value to their organization.
GitHub contributions from financial services professionals are up 26% over last year.
84% of respondents report spending work time contributing to third-party open source, up from 41% in 2021.
Inner source is on the rise, with 88% reporting spending time contributing compared with 63% in 2021.
46% of respondents say their organizations are giving them more time to contribute to OSS.
50% of organizations include security and vulnerability testing in their OSS contribution practices.
50% of respondents agree that OSS use would increase with better understanding of the nontechnical value proposition of OSS.
45% (up 10% from last year) agree that AI/ML is important to the future of the industry.
Cross-industry collaboration, industry standards, and open data are the top areas of financial services that can benefit from open source.
49% say their organizations have funded open source through donations, foundations, sponsorships, funds, etc.
47% believe that investment in secure software development practices and legal, compliance, or security support would increase OSS use.

Executive summary

Consumption is getting the scrutiny it deserves

Each year, we remind our readers that the financial services industry, like almost every other industry, is a huge consumer of open source and has been for years. There is growing awareness that comprehensively managing the landscape of open source components used within organizations, including selection and maintenance, is challenging but essential, particularly as concerns around security rise. According to this year's survey, just over one-third of organizations have formal review processes, tooling, training, and guidelines to help with open source selection and management. Confidence levels are mixed on the ability to control (30% extremely confident and 54% somewhat confident) and maintain (37% extremely confident and 47% somewhat confident) up-to-date versions of open source components used in development. Further, 47% of those surveyed believe that improving secure software development, legal, compliance, or security support would have a significant positive impact on their use of open source. The industry will benefit from continued effort and participation in collaborative initiatives focused on selecting the best OSS software, tracking its use across an organization, and using current versions in order to reduce vulnerabilities, risk, and technical debt.

Contributions continue to increase but more policies and tools are needed

In each of the four years we have run this study, the amount of time our respondents report spending on contributing to open source projects (inner source, company sponsored, and third party) has increased, and this year, 46% of respondents say their organizations are allocating more time for them to contribute to OSS. Our GitHub analysis supports these findings with a significant increase of 26% in contributions from financial services professionals in the last year. This may be, in part, because of the conscious focus on automating processes to reduce the number of manual steps required for contribution while ensuring the enforcement of tight controls. Tools that enable compliance during git push operations, such as FINOS's GitProxy, bring material benefits of open source back to their organizations. Enabling contribution also helps with consumption challenges and risk: Allowing contributors to push changes back to commonly used libraries not only improves the software but also reduces the costs of maintaining internal forks. This is a positive trend, but there are still too many organizations that don't allow contribution. Now is a critical time for executives to prioritize enabling secure open source contributions from their organization.

Foundations help communities grow and capitalize on new opportunities

As discussed in last year's report, financial services organizations face numerous challenges to collaboration because of the stringent regulatory standards they must meet. Foundations play a crucial role in fostering collaboration in this industry, nurturing
industry-specific discussion and thought leadership in a manner compliant with strict regulations. This leads to the development of projects, standards, and shared frameworks that solve industry-specific challenges. As more financial services organizations and professionals engage with foundations, they can tackle more challenges. This year, cross-industry collaboration, followed by industry standards and open data, topped the list of areas in which the industry can most benefit from open source. We explore how this data point is being realized through active, collaborative initiatives. We also dive into AI/ML, cybersecurity, and cloud, which many continue to identify as the open source technologies that are most valuable to the future of the industry, with AI/ML jumping up 10% over last year.

KEY TAKEAWAY: A growing open source community focused on financial services has the opportunity to collectively develop and promote standards that make it easier for the industry as a whole to take advantage of generative AI (GenAI), cloud, secure software practices, open data, and much more. Failing to work together will be costly.

Introduction

For the financial services industry, open source collaboration is a strategically relevant practice. Even in the relatively short time since studying sector trends in open source began, we've seen encouraging signals for the financial services industry that there are numerous benefits to realize through increased collaboration at the precompetitive level of technology stacks and that more participants in the sector are coming on board.

Over the past four years, this study has provided concrete insight into the adoption, contributions, and leadership trends surrounding open source technologies in the financial services industry. Each year, our findings have highlighted challenges for open source, along with the significant strides made by sector companies, both fintechs and the financials, specifically the increasing levels of adoption and integration of open source to reduce cost and complexity, to position themselves competitively in the talent market, and, perhaps above all, to accelerate innovation around areas of non-differentiation. As trend lines go, this is all good news.

As in prior years, this report is based on empirical evidence, beginning with a global survey shared from May to July 2024, along with analysis of GitHub data to generate two streams of quantitative insights. A series of interviews with financial services industry leaders followed to complement the quantitative data. Through the process of engaging knowledgeable open source respondents, including developers, IT leaders, executives, and other key stakeholders in financial services, we provide a nuanced yet comprehensive understanding of the current state of open source.

Altogether, the data and the trends collectively underscore the growing importance of open source in driving innovation, enhancing efficiency, and fostering collaboration. Our findings
reveal that financial services organizations are not only consuming open source software at increased levels to achieve a variety of objectives but also contributing back to the community in meaningful ways. Notably, the establishment of Open Source Program Offices (OSPOs) and the development of clear open source strategies have become more prevalent, signaling a mature and structured approach to open source involvement. For stakeholders from capital markets, retail or private banking, asset management, insurance, or for those fintech leaders delivering innovative solutions for the sector, there's more reason than ever to participate in open source ecosystems.

The empirical evidence also supports what we see right before our eyes within the Fintech Open Source Foundation (FINOS) community, now 94 organizations strong. From new project contributions to participation in working groups to the growth in the number of organizations funding and engaging in open source initiatives, the research also reflects the value of foundations and the collaborative programs they support. Examples include participation in (and an uptick in training related to) the FDC3 interoperability standard for sales and trading desktop platforms, regulatory success opportunities created through Open RegTech, and shared learning opportunities through the AI Readiness Special Interest Group. This growth was part of the rationale behind the recent merger of FINOS and OS-Climate, which will unleash the potential for financial services organizations to accelerate climate resilience through greater collaboration around tools that identify physical and transition risk in investment portfolios and beyond.

Whether you are a seasoned open source contributor, a senior executive, or new to
the world of open source, this report offers year-over-year evidence and fresh perspectives on how and why participating in open source projects and communities is a strategically important activity. We invite you to explore the findings, draw inspiration from the trends, and join us in embracing the potential of open source in the financial services industry.

Scope of open source financial services activity: GitHub data analysis

In this section, we find that:
- While growth in the overall number of financial services users on GitHub has been modest, their commit activity has increased significantly
- Much of this activity occurs within projects that are directly owned and managed by financial services firms
- FINOS is leading the way in fostering cross-organization collaboration within financial services
- Python is the most widely used language by financial services open source developers, with growth seen in both TypeScript and Go usage

In this section, we explore the open source activities of financial services organizations through publicly available data from GitHub. It is challenging to capture the full extent of open source interactions because, as we highlighted in last year's report, policies and restrictions often push developers to use their personal account when interacting with GitHub. However, despite these challenges, we observe interesting patterns from the available data.

GitHub provided the analysis in this section using a list of FINOS-supplied email domains of over 400 of the largest financial services institutions (by revenue and/or assets under management) as well as those financial services organizations known to this group to be active or interested in open source. The data includes GitHub users who made commits to any public repo with a primary email that matched an email domain in a FINOS-provided list or if the user was a member of an organization that had a billing email with a domain in that same list.

TABLE 1: GitHub repositories with a financial services email domain

Year | Unique repositories with FinServ commits | Unique FinServ users | Total commits by FinServ users
2024 | 35,788 | 9,247 | 751,259
2023 | 36,634 | 9,009 | 595,860
2022 | 36,107 | 8,552 | 535,974
2021 | 25,280 | 6,857 | 429,258

SOURCE: GITHUB, JULY 25, 2024

This year, as shown in TABLE 1, we found that 9,247 employees from financial services organizations contributed to around 35,788 repositories, making a total of 751,259 commits. Looking at FIGURE 1, which shows the number of users for the past four years, we can see that while user growth has plateaued, the overall number of commits has grown steadily, with 26% growth in the last year.

Of these
36,000 repositories, the following have the greatest numbers of unique contributors, with each having 10 or more (fin-serv) contributors:
- man-group/ArcticDB: a high-performance, serverless DataFrame database
- jpmorganchase/salt-ds: React UI components built with a focus on accessibility, customization, and ease of use
- ocaml-flambda/flambda-backend: Flambda backend project for OCaml
- deckhouse/deckhouse: Kubernetes platform from Flant
- bloomberg/blazingmq: a modern high-performance open source message queuing system
- bloomberg/comdb2: a relational database built in-house by Bloomberg
- Point72/csp: a high-performance reactive stream processing library
- seb-oss/green: an open source design system built by SEB
- transferwise/tw-tasks-executor: service cluster-wide asynchronous tasks executor
- conda-forge/arcticdb-feedstock: a conda-smithy repository for arcticdb
- janestreet/merlin-jst: Merlin with support for Jane Street extensions
- fidelity-contributions/open-telemetry-opentelemetry-python-contrib: fork for Fidelity's contributions to open-telemetry/opentelemetry-python-contri

This is a relatively diverse set of projects, including design systems and UI components; compiler and
IDE technology; databases; and messaging, streaming, and observability frameworks. Most of these repositories are hosted by financial services organizations, with the above projects hosted by MAN Group, JPMorgan Chase, Bloomberg, Point 72, SEB, TransferWise (now known as Wise), Jane Street, and Fidelity. These are some of the leading organizations when it comes to working in the open; however, for each of the above, it is only the employees of that given organization who are active contributors. None of them represents cross-industry collaboration.

Instead, we look at the repositories where we observe multiple financial services organizations committing code and collaborating. The following are those where three or more organizations have contributed code:
- finos/open-source-readiness, finos/devops-automation: These are both FINOS projects. Open Source Readiness has various assets that help organizations accelerate their journeys toward open source readiness, whereas DevOps Automation provides continuous compliance and assurance.
- github/advisory-database: This repository functions as a security vulnerability database inclusive of CVEs and GitHub-originated security advisories from across the world of open source software.

Clearly, FINOS is leading the way when it comes to bringing financial services organizations together in collaboration.

FIGURE 1: Growth of FinServ users and commit activity within GitHub. Series: FinServ users; total commits by FinServ users; 2021 to 2024. SOURCE: GITHUB, SEPTEMBER 2023

FIGURE 2 shows the most widely used languages by financial services organizations contributing to open source. Python comes out on top, at around 17%, whereas we find that the “workhorse” languages of financial services, Java and C#, are much lower down the list (7% and 3%, respectively). It is likely that the leading position of Python is driven by its dominance as a language for AI and data analytics. The usage of JavaScript has dropped significantly (from 17% in 2023 to 13% in 2024), although this was met with a roughly equivalent rise in TypeScript usage. This reflects the overall industry trend, as highlighted in the GitHub State of Octoverse report, which shows a move from JavaScript to TypeScript, capitalizing on the type-safety offered by this (open source) language.

[1] GitHub State of Octoverse 2023, https://github.blog/news-insights/research/the-state-of-open-source-and-ai/#the-most-popular-programming-languages

FIGURE 2: Primary language of GitHub repositories with FinServ committer activity. Series: 2023, 2024. Languages: Python, JavaScript, TypeScript, Go, Java, HTML, Jupyter Notebook, Shell, C++, Rust, C#, OCaml, C. SOURCE: GITHUB, SEPTEMBER 2023

Survey and interview findings

Open source maturity

Open source is a key element for the digital transformation that firms are trying to achieve. They can leverage the power of open source software and technologies in several ways to drive innovation, reduce costs, and improve efficiency. As firms consume, on average, thousands of open source components, open source maturity plays a key part in the extent of value that banks can leverage from open source community engagement. In the following section, we examine the importance of policies, processes, tooling, and leadership in driving open source maturity across both consumption and contribution, as maturity in both areas is essential to reduce risk and take full advantage of the benefits of open source.

Consumption and contribution policies, processes, and tooling

As organizations increasingly consume open source software, it has become critical to understand and manage the associated risks. This year's FINOS survey sheds light on how financial institutions address these challenges and explores if organizations are doing enough.

In Figure 3, we are seeing more and more ability to contribute, with less than 5% of respondents indicating that they cannot, or do not know how to, contribute to open source on behalf of their organization. While only 10% report that contribution is openly encouraged, a further 70% are able to contribute under certain conditions. This reflects the conservative approach that financial services
organizations may need to take while rolling out appropriate policies and processes to potentially many thousands of engineers, but it still shows an encouraging trend in allowing contribution.

FIGURE 3: Open source contribution policy trends
Question: What statement is closest to your organization's policy on contributing to open source projects? (select one)
Response options: Contribution is permitted under some conditions; There is no clear policy about OSS contributions; Contribution is permitted if it is required by the open source license; Contributions are up to each development team; Contribution is openly encouraged; Contributions are not permitted; Don't know or not sure
Values shown: 37%, 23%, 14%, 10%, 10%, 2%, 3%
Source: 2024 FINOS STATE OF OPEN SOURCE SURVEY, Q25, SAMPLE SIZE = 249

Turning to consumption, this year's survey shows that 39% of organizations (FIGURE 4) have formal review processes for evaluating OSS components, and a similar percentage require developer training on secure software development. However, only 20% reported having an Open Source Program Office (OSPO) that works with developers to ensure compliance with these policies.

We also see that confidence in controlling OSS usage is mixed. While 30%
of respondents are extremely confident, a significant 54% are only somewhat confident in their organization's ability to control which open source software components are used in development projects (FIGURE 5). Regarding using maintained and up-to-date OSS components, 37% are extremely confident, and 47% are somewhat confident (FIGURE 5). This indicates that there is still work to be done to improve the management and effectiveness of open source use within organizations.

FIGURE 4: Practices organizations follow regarding OSS use
Question: What practices does your organization follow regarding the use of OSS? (select all that apply)
Response options: We have internal manuals, checklists, or guidelines for using OSS; We require developer training on secure software development; We recommend developer training on secure software development; We have a formal review process for evaluating OSS components; We have tooling (e.g., license checkers, security scanning) and automation to implement OSS policies and processes; We engage with outside professionals to determine what OSS components we should use; None of the above; Our OSPO works with developers to ensure that its policies are followed; Don't know or not sure
Source: 2024 FINOS STATE OF OPEN SOURCE SURVEY, Q19, SAMPLE SIZE = 239, VALID CASES = 239, TOTAL MENTIONS = 570

FIGURE 5: Confidence in controlling and maintaining OSS components in use
Question: How confident are you in your organization's ability to control which open source software components are used in a development project? (select one)
Question: How confident are you that the open source components your organization uses are maintained and up to date? (select one)
Response options: Extremely confident; Somewhat confident; Not very confident; Not at all confident; Don't know or not sure
Sources: 2024 FINOS STATE OF OPEN SOURCE SURVEY, Q21, SAMPLE SIZE = 239; 2024 FINOS STATE OF OPEN SOURCE SURVEY, Q20, SAMPLE SIZE = 239

Sonatype Research's State of the Software Supply Chain 2023 Report highlights the importance of this management and understanding of any gaps in perceived control and actual effectiveness. The report found that 67% of respondents were confident that their applications did not rely on known vulnerable libraries. However, nearly 10% reported security breaches due to open source vulnerabilities in the past year, and 20% were unsure if their organizations had been breached. Furthermore, the report revealed that one in eight open source downloads contained known vulnerabilities, underscoring ongoing challenges in software supply chain management. [2]

These findings point to a critical issue: Perception does not always align with reality. Brian Fox, Co-Founder and CTO, Sonatype Research shares that “while organizations may believe they have a handle on OSS usage, the prevalence of vulnerabilities in applications tells a different story. Worse yet, vulnerabilities are now only part of the
story. In recent years, the focus has shifted to an even more insidious threat: malicious open source components. Unlike vulnerabilities, which are typically just mistakes, malicious components are intentionally crafted to evade detection, contaminate developer infrastructure, and execute exploits with tremendous consequences.”

A recent example of this is the intentionally malicious backdoor in xz-utils, which made headlines, catching development teams off guard and sparking concern over other potential malware lurking in critical, yet under-supported, open source projects. Making matters worse, the backdoor was a culmination of three years of work by what is now suspected to have been a nation-state attacker. Still, some organizations are quick to dismiss these types of threats, given the robust deployment of antivirus and malware scanners. Unfortunately, this isn't enough, as these novel attacks exploit the inability to identify malware through traditional scanning tools and approaches. In other words, the reliance on matching to known malware is a weakness, requiring tools capable of detecting even the most obscure points of intentional open source contamination.

Because open source code is able to be modified by those using it, organizations have the ability to make improvements to software when needed. Rather than relying upon vendor-timed release cycles or being subject to market pressures that may cause a particular software author to abandon maintenance and updates, organizations have the ability to ensure that mission-critical technologies work the way that they need them to by relying on in-house or outsourced development resources. By using open source, organizations control their own destiny and are not at the mercy of the technology decisions of another vendor or partner.

To address emerging threats, all software development organizations must adopt a multifaceted approach to open source consumption. Solutions include enhancing awareness through initiatives such as the Open Source Consumption Manifesto from the LF's Open Source Security Foundation, leveraging binary repositories for secure component storage, and deploying advanced tools capable of detecting and blocking malicious packages before they infiltrate the development pipeline. [3]

[2] Sonatype Research: “State of the Software Supply Chain Report, 2023”
[3] Interview: Brian Fox, CTO and Co-Founder, Sonatype, August 4, 2024

Additionally, by actively participating in open source communities, companies demonstrate that they are the kind of place where talented developers want to work by creating opportunities to meet them where they are: online. Further, employers can interact with potential hires in the project's community and get a picture of how that person will work when on the job. This view of a potential employee's work will always give a broader picture of a candidate than a traditional interview, leading to more data-driven hiring and, therefore, increased retention. Anecdotally,
we have mountains of evidence that developers are more excited about working with and contributing to open source projects, as they have the opportunity to see their work used more widely and have a bigger influence in the wider world. This is also confirmed by our survey results, which show a consistent rise in the time individuals are spending contributing to inner source and open source both at work and in their personal time (FIGURE 6).

Anyone can participate in open source communities, including joining community meetings. As a consumer, obtaining knowledge of open source project roadmaps and project plans can help an organization with their own product planning. As a contributor, as well as contributing code for new features, an organization can present their future vision of the project for discussion. The key is to show how the contributions and vision would benefit not just that one organization but the needs and shared purpose of that community.

When organizations are unable to contribute changes back to the projects and libraries they use, they not only lose out on the collaborative nature of open source but also introduce significant technical debt and the potential for increased security vulnerabilities, as they are forced to independently maintain their own version of the software. The open source GitProxy has been developed specifically for financial institutions, and it provides a lightweight, scalable tool that implements a series of configurable checks on code before they release it to an external git repository.

Community leadership and OSPOs

To build the applications of the future, organizations have to understand what their options are today. Alongside looking at open source software deployments, firms need to also look at where they can contribute back to the open source community. Setting up an OSPO can help companies manage software consumption and improve how they contribute to the community. Open source contribution is a great place for developer teams to collaborate with other developers, enabling them to improve and correct their own code or someone else’s. Organization leaders have an important role to play in enabling this contribution. Banks and financial institutions have experience in hardening and securing their software. This experience can be extremely valuable to the wider open source community in a precompetitive and collaborative manner.

FIGURE 6: Year-over-year growth in different open source projects
Survey question: Do you spend any time at work contributing to open source projects? (select one). Series: 2021, 2022, 2023, 2024.
2024 FINOS STATE OF OPEN SOURCE SURVEY, Q33, SAMPLE SIZE=233 (DKNS EXCLUDED)
2023 FINOS STATE OF OPEN SOURCE SURVEY, Q28, Q29, Q30, Q31, SAMPLE SIZE=288 (DKNS EXCLUDED)
2022 FINOS STATE OF OPEN SOURCE SURVEY, Q30, Q31, Q32, Q33, SAMPLE SIZE=188 (DKNS EXCLUDED)
2021 FINOS STATE OF OPEN SOURCE SURVEY, Q41, Q42, Q43, Q44, SAMPLE SIZE=94 (NO DKNS ANSWER CHOICE IN 2021)

“The OSPO is an asset to our firm, as it enables us to contribute and interact with the open source ecosystem. By actively engaging with the open source community, we can align with industry shifts, make informed decisions, and be a part of shaping projects that drive mutual growth for both our firm and the community.”[4]
KAY XIONGPACHAY, PRODUCT MANAGER, GOLDMAN SACHS

By integrating these strategies, organizations can significantly improve their OSS management, moving from reactive to proactive.

Value of open source

Throughout this report, you’ll read about the benefits of open source because they are pervasive across all aspects of software and standards development, empowering individuals to collaborate and excel, enhancing organizational efficiency and security, and driving industry-wide growth through shared knowledge and collective development. As FIGURE 7 below illustrates, open source frequently delivers benefits that range from economic to cultural. Once again, survey results show that open source technologies are understood for their ability to
lower the total cost of software ownership, drive faster times to market, increase productivity, and help organizations attract technical talent through their use.

FIGURE 7: The benefits of open source
Survey question: How often does using OSS deliver the following benefits in your organization? (select one response per row). Panels: 2024 FINOS State of OSS in Financial Services; 2024 World of Open Source: Global Spotlight.
2024 FINOS STATE OF OPEN SOURCE SURVEY, Q22, SAMPLE SIZE=239
2024 WORLD OF OPEN SOURCE SURVEY, Q30, SAMPLE SIZE=1,047

[4] Interview with Kay XiongPachay, Product Manager, Goldman Sachs

Our top result, improved software quality, continues to be a driver of value. Elspeth Minty from RBC Capital Markets describes part of the reason why. She says, “The bar for most open source projects in terms of testing, documentation, and code reviews is very high; that’s a good thing. It’s worth going through review cycles until everyone agrees with the contribution, as this process helps maintain the quality of open source projects.”[5] The 2024 World of Open Source: Global Spotlight report shows similar findings, with “improved software quality” ranking third and “improved productivity” coming in top. It’s encouraging to see the financial services industry recognizing the benefits of open source at similar levels to other industries.

Value of foundations

What may be less understood is the value that open source foundations themselves provide. On this matter, our qualitative findings illustrate how collaboration in foundations is a separate value proposition from open source code. So, what is it that foundations do, and why does it matter? Open source foundations provide access to massive portfolios of open source software, hardware, standards, and data that our world relies on, and they nurture communities of practice surrounding them. They sustain the digital public goods that, on one hand, reduce waste and duplication of effort and, on the other hand, drive industry-specific innovation, creating trillions of dollars in value. Importantly,
open source foundations support open governance and shared decision-making, reducing the likelihood that software licenses could be easily changed. License continuity ensures greater trust, reduces the fear of “rug pulling,” and makes it easier to take a dependency on a project as compared with open technologies controlled by a single decision-maker or entity. Beyond hosting trusted code bases, foundations support communities by hosting events, publishing open content, and creating other resources, such as training programs and research reports like this one. Forums that nurture industry-specific thought leadership, solve industry-specific challenges, and provide shared governance frameworks for programming and code, encompassing AI-readiness, common domain models, common cloud controls, and interoperability platforms, are the additional value-add. It is the totality of the strategic initiatives that foundations support that makes the decision for engagement compelling.

Leaders across the financial services sector agree. According to Kim Prado, BMO Capital Markets, “Open source foundations have really changed the game in terms of innovation, sustainability, and effective collaboration. In a rapidly evolving industry, we have exponentially accelerated our time to market by leveraging open source frameworks to enable faster deployment, helping us to stay competitive and responsive to new technology. Utilizing open source software has also allowed us to allocate our resources more effectively by minimizing costs associated with proprietary licenses and development.”[6]

For Elspeth Minty at RBC Capital Markets, there’s value to be had by engaging in projects driving regulatory success. She says, “FINOS’s Open RegTech gives us a platform, a kind of safe space, to have conversations at a high level with other organizations, which may not occur in any other forum. Putting the process in place, learning lessons from companies that have already gone through the process, is one of the biggest value points.”[7]

[5] Interview with Elspeth Minty, July 26, 2024
[6] Interview with Kim Prado, Aug 6, 2024
[7] Interview with Elspeth Minty, Jul 26, 2024

In addition to the cultural, technical, and open governance benefits, another value point for foundations is having access to the tooling, and the contributors engaged around that tooling, to manage the existential risk stemming from climate change. Michael Tiemann of OS-Climate, a recently merged climate finance project under FINOS, says, “One of the reasons that members come to OS-Climate (people whose job is investment management, loan origination, and risk reporting) is a mandate from within the firm to now look at managing physical risk
in their decision-making process. And the immediate benefit of the physical risk tool is that you can look at your asset portfolio and see the hazards, vulnerabilities, and exposures. This is a critical foundation and significant accelerator for end users and key decision-makers who need to quantify the financial impact of physical risks, truly a new frontier for finance.”[8] It is precisely in addressing the evolving and urgent priorities of financial services leaders, by bridging the ESG remit of leadership teams with technical communities, that open source foundations can, and must, play an increasingly relevant and valuable role.

Cross-industry collaboration

Cross-industry collaboration, along with industry standards and open data, are other important areas where financial services organizations can find value from open source, as indicated in FIGURE 8. While not surprising, it is reassuring that the
industry recognizes that open source can and should be used across the industry to build common standards and data sets. In this section, we explore existing collaboration efforts and standards as well as new opportunities for the industry.

There are many well-established industry standards that have collectively contributed to the modernization, security, and efficiency of the financial services industry. Some well-known examples include SWIFT (Society for Worldwide Interbank Financial Telecommunication), established in 1973; FIX (Financial Information eXchange) Protocol, established in 1992; EMV (Europay, MasterCard, and Visa), established in 1994; XBRL (eXtensible Business Reporting Language), established in 1999; and ISO 20022, established in 2004.

FIGURE 8: Aspects of financial services that would most benefit from open source
Survey question: Which of the following aspects of financial services would most benefit from open source? (select up to three responses)
2024 FINOS STATE OF OPEN SOURCE SURVEY, Q15, SAMPLE SIZE=249, VALID CASES=249, TOTAL MENTIONS=680

[8] Interview with Michael Tiemann, August 2, 2024

These standards have been transformative, but there is much more the industry can accomplish. A small percentage of the software developed within financial services organizations is differentiating, conferring a competitive advantage (think proprietary trading algorithms, user experience enhancements, elements of AI, machine learning, and risk management). The majority of the hundreds or thousands of systems are dedicated to core systems and compliance (think payment processing and settlement, risk and regulatory reporting, data modeling and management, and even software development itself). Collaboratively developing open standards and open data sets can significantly reduce the amount of duplicative development within the industry while producing more robust systems that improve internal processes as well as
interactions between industry participants, including between buy side and sell side and regulators.

“The real game-changer for firms is being able to differentiate between your technology that is commoditized and your technology that creates a competitive advantage. FINOS allows us to share common platforms that need to be safe, reliable, and secure, bringing down cost and resources through shared ownership. This frees up financial services technologists to contribute higher up in the value chain, enabling them to develop differentiated capabilities for their firms.”[9]
MADELEINE DASSULE, PARTNER AND CHIEF INFORMATION OFFICER, INFRASTRUCTURE PLATFORM, WELLINGTON MANAGEMENT

Industry bodies and open source foundations play a critical role in promoting and enabling collaboration, including the development of open industry standards. One of the earliest contributions to FINOS was the Financial Desktop Connectivity and Collaboration Consortium (FDC3) in 2018. This is an open standard enabling applications on the financial desktop to interoperate and exchange data with each other, from pre-trade through post-trade. This standard has grown substantially in the last six years and now has active participation
from organizations across the industry, including buy side, sell side, fintechs, and data providers. It has a lively and growing community of contributors and recently introduced FDC3-specific training and certification. It is a great example of how the industry can continue to work together to develop a valuable standard entirely out in the open.

“End users too often have to deal with fragmented desktops requiring switching contexts, toggling between apps, and re-keying data, which can waste a lot of time. This is why we are interested in standards such as FDC3 as we look to improve workflows, reduce complexity and risk, and support secure integration between solutions from a variety of market participants that can cover a broad set of use cases.”[10]
DEREK NOVAVI, DIRECTOR (FRONTEND ARCHITECT), S&P GLOBAL MARKET INTELLIGENCE

[9] Interview with Madeleine Dassule, August 16, 2024
[10] Interview with Derek Novavi, August 15, 2024

Another example comes from the International Swaps and Derivatives Association (ISDA), a trade organization established in 1985, that is best known for its efforts to standardize documentation and practices in the derivatives market. With more than 950 member institutions from over 70 countries, it is able to undertake large projects aimed at improving the efficiency and safety of the derivatives market. In 2022, ISDA, along with the International Capital Market Association (ICMA) and the International Securities Lending Association (ISLA), chose to move their Common Domain Model (CDM) to a fully open model, housed in a FINOS repository. The CDM establishes a single, common digital representation of trade events and actions across the lifecycle of financial products. These lifecycles are complicated, so having one agreed-upon model across the
industry increases efficiency and reduces errors. According to Scott O’Malia, ISDA’s Chief Executive Officer, the move to a fully open model provides “greater consistency across derivatives, repo, and securities lending” and “will also avoid fragmentation of standards and duplication of effort across the industry.”[11]

Anyone who has worked in the financial services industry can attest that one of the most herculean tasks they undertake is managing massive amounts of data and the relationships between that data. From customer data to market, transaction, risk, and reference data, it is immensely complex and difficult to manage. Even the seemingly simple task of defining the attributes of a currency can be complicated. ISO 4217[12] is the de facto industry standard, but it often requires additional information, such as historical changes in codes or status as Non-Deliverable Forward (NDF). Developing and maintaining open data models and open data sets presents a significant opportunity for the industry to improve efficiency and save money.

In 2020, Goldman Sachs open sourced Legend, its suite of data management and governance components. A core component of this project is Legend Studio, a visual data modeling environment that is used to build data models in an intuitive, business-friendly way. Using a tool such as Legend, the industry can collaborate on a wide variety of models and even data sets. For example, they could work on extending ISO 4217 and then building a reference data set. Goldman Sachs is also partnering with firms such as Snowflake and Google to make sharing data easier and more efficient. As Ephrim Stanley, Technology Fellow at Goldman Sachs, points out, “with a unified data platform, data producers can store massive datasets and data consumers can use Legend to ensure everyone is viewing a standardized version of that information that’s ready for business use.”[13]

Although regulation and legal compliance was not a top-ranked selection, we see significant interest amongst our community and senior executives in identifying practical projects that address common needs. The Regulation Innovation Special Interest Group (SIG) meets regularly to explore potential collaboration opportunities and pilot projects, e.g., an open source implementation of the U.S. Liquidity Coverage Ratio (LCR) regulation using the open source project Morphir. One promising area of collaboration is to create regulation through code, reducing the ambiguity and complexity of interpreting regulations. Leading regulators such as the Financial Conduct Authority (FCA) have explored this in the past[14] with limited success. FINOS’s “Open Regulatory Reporting” (ORR) is a new initiative in this area that aims to simplify the process of implementing ISDA’s Digital Regulatory Reporting (DRR) solution[15]. DRR provides an open, standardized interpretation of regulatory reporting rules converted into machine-executable code that leverages the CDM. In this way, FINOS is extending industry collaboration to include practical deployment components that leverage open source tools, thereby lowering the hurdles to implementation.

It is clear that the financial services industry is already achieving value through open source consumption and contribution and that there is no shortage of opportunities to increase that value exponentially, including in areas of strategic importance.

[11] https://www.isda.org/2022/09/08/isda-icma-and-isla-appoint-finos-for-cdm-repository/
[12] https://www.iso.org/iso-4217-currency-codes.html
[14] https:/ https://www.fca.org.uk/innovation/regtech/digital-regulatory-reporting
[15] https://www.isda.org/isda-digital-regulatory-reporting/

Strategic priorities

Financial firms continually strive to enhance operational efficiencies and improve customer experience. To achieve this, technology investments must align with business strategies and must also include assessments of how current technology trends can be leveraged to meet an organization’s strategic priorities. Additionally, this can help firms innovate more effectively. AI, cloud, and security are not new topics within financial services, but they continue to be strategically important. Here, we will consider the importance of all three and how each is impacting the financial services industry.

Artificial intelligence

Most computer systems make decisions based on an explicit set of rules or instructions that constitute part of their design process, i.e., they do exactly what we tell them to. In contrast, AI systems learn to make decisions based on observations and a feedback loop. AI is not new, with the concept of using a computer to model the brain being almost as old as the computer itself. The financial services sector has a long history of using AI for a range of predominantly numerical and predictive tasks, with good success. However, the past few years have seen a step change in the capability of AI.

FIGURE 9: Open source technologies that are valuable to the future of the financial services industry, 2023 vs. 2024
Survey question: Which open source technologies do you feel are the most valuable to the future of the financial services industry? (select between one and three responses)
2024 FINOS STATE OF OPEN SOURCE SURVEY, Q14, SAMPLE SIZE=249, VALID CASES=249, TOTAL MENTIONS=683
2023 FINOS STATE OF OPEN SOURCE SURVEY, Q36, SAMPLE SIZE=324, VALID CASES=324, TOTAL MENTIONS=861

The Large Language Model (LLM) is a very large deep-learning model trained on vast quantities of text. As a result, it has a wide range of capabilities that far surpasses previous text-based AI models. LLMs excel at a wide range of language tasks (summarization, drafting, translation, proofreading, transforming, and more). Without the need for any further training or fine-tuning, users simply “ask” the model to perform a given task, a process known as prompting. Similar models exist for generating audio, imagery, and videos, as do multimodal models that combine various formats. Collectively, this field of research is known as Generative AI (or GenAI).

The financial services industry clearly acknowledges the potential of recent advances in AI, with FIGURE 9 indicating the most important open source technologies. Compared with last year’s survey, once again, AI is at the top of the list; however, now, 45% of respondents feel it is valuable to their organization’s
future, an increase of 10%. Splitting the responses based on organization size, in FIGURE 10, we can see that larger organizations deem AI to be of increasing importance. Furthermore, “Advanced analytics and data science” is the second most important technology for the largest of organizations, whereas it ranks sixth and seventh for medium and small organizations, respectively.

FIGURE 10: Open source technologies that are valuable to the future of the financial services industry, by organization size
Survey question: Which open source technologies do you feel are the most valuable to the future of the financial services industry? (select between one and three responses), segmented by: Please estimate how many employees the organization you work for has worldwide. (select one). Panels: 250 to 999; 1,000 to 9,999; 10,000 or more.
2024 FINOS STATE OF OPEN SOURCE SURVEY, Q14 BY Q7, SAMPLE SIZE=233, VALID CASES=233, TOTAL MENTIONS=638

“No financial services firm is sitting on the sidelines regarding AI adoption, with all scales of banks actively exploring AI use cases despite the cautious approach due to heavy regulations. This adoption is driven by a breadth of use cases spanning bottom-line savings, productivity, and innovative products that drive the top line, each of which shows real business value to boards and investors.”
PRACHI KASODHAN, MICROSOFT ENTERPRISE CTO, FINANCIAL SERVICES

Despite the interest and excitement that surrounds this technology, the financial services industry has been struggling to adopt these nascent tools. FIGURE 11 compares the adoption of GenAI for various industries, looking at how it has risen across every industry from 2023 to 2024. Despite the broad positive message here, that GenAI adoption is rapidly growing, financial services is, by far, seeing the most modest growth, with people regularly using
the technology having risen from 24% to just 26% over the past year.

Our survey explored the factors that limit GenAI adoption, with the results shown in FIGURE 12. The most significant limiting factor is a lack of suitable internal governance processes. Considering that financial services organizations have highly mature governance processes and have been successfully using AI for years, that might come as a bit of a surprise. There are a couple of factors that make it hard to apply existing governance practices to GenAI. First is the sheer versatility of this technology. The potential applications (translation, summarization, decision-making) are incredibly broad, going far beyond the typically numeric and predictive AI applications that most banks currently use. Second, through open source models, third-party APIs, and end-user chat applications, GenAI has become “democratized”: almost anyone can use it. Ultimately, these challenges have resulted in many organizations publicly declaring that they were “clamping down on ChatGPT”[16] and significantly limiting their use of this technology.

FIGURE 11: The use of GenAI by industry, 2023 vs. 2024
Respondents who regularly use generative AI tools, 2023-24, by industry (Energy, Financial Services, Media, Legal)
2024 FINOS STATE OF OPEN SOURCE SURVEY, Q16, SAMPLE SIZE=249
THE STATE OF AI IN EARLY 2024 - MCKINSEY

FIGURE 12: Factors limiting GenAI adoption
Survey question: My organization’s use of GenAI is limited by, or we do not use GenAI due to: (select one response per row). Rows: a lack of suitable internal governance processes; data and/or legacy technology; a lack of business case and clear ROI; a lack of in-house skills; the immaturity of this technology; a lack of leadership or ownership; a lack of ideas and applications. Responses: Agree, Neutral, Disagree, Don’t know or not sure.

Other factors that limit GenAI adoption are data and/or legacy technologies. Achieving quality results with AI systems requires access to quality data. GenAI has once again caused organizations to look at the data and technology challenges that are holding them back. The third most cited factor is a lack of clear Return on Investment (ROI). While many have found early success with prototypes or pilot applications of this technology, AI-powered applications tend to be expensive to develop and run. In order
to fully commit to these developments, the ROI requires quantification. While it was not the most prominent concern, we found 34% of respondents agreeing that GenAI’s immaturity is limiting its adoption. This technology has a long list of technical, legal, and ethical concerns that lack robust answers or solutions. These are the types of challenges where open source development excels, and we are likely to see open source playing a more prominent role in this technology going forward. Mark Zuckerberg recently captured the zeitgeist by declaring that “Open Source AI Is the Path Forward.”[17]

“As we start using AI for more critical applications, security and safety are paramount. Open source not only fosters collaboration, transparency, and community-driven improvement but also offers a pathway to enhance safety, reliability, and resilience in critical applications.”
COSMIN OPREA, ENTERPRISE ARCHITECT AND LINUX FOUNDATION EUROPE ADVISORY BOARD

Early adopters of GenAI within financial services tended to focus on chatbot applications. Last year, we saw the release of BloombergGPT[18], which provides access to market data and financial news, helping users discover information within Bloomberg’s vast data set. This preceded the release of BondGPT[19] from Broadridge, a specialized model dedicated to the world of bonds. However, a major factor driving interest in GenAI is its breadth of applications. In FIGURE 13, we see that internal developer productivity is the area where people expect this technology to have the biggest impact. Notably, the first GenAI tool deployed for firmwide use by Goldman Sachs is a code generation application.[20]

GenAI is creating a huge amount of interest; however, financial services adoption is starting to lag, with governance cited as a critical issue. As a result, initial use case explorations have
tended to have an internal focus, which inherently reduces risks. In the future, we expect open collaboration to clear this governance hurdle, with adoption likely to increase significantly.

[16] https:/ https:/ https:/ https:/ https:/

Cloud

As shown previously in FIGURE 10, we see that, regardless of company size, cloud ranks high, among or close to the top three priorities among an average of 30% of participants. Financial firms have been modernizing their applications to meet diverse consumer expectations over decades. As we know, cloud computing enables financial institutions to reduce their data storage costs with a subscription-based pricing model as opposed to paying significant upfront costs to deploy and maintain large on-premises systems.

In financial services, implementing open source software can be an effective route to getting new services up and running quickly. Those entering the market can build services at low costs and then scale up effectively, especially when they also use cloud computing services. Open source software includes some of the most popular options on the market for solutions such as databases, and banks across the world use open source software for multiple applications across their estates.

The ability to use cloud services can also present a risk for long-term cost management. Using open source software can prevent vendor lock-in, as companies always have the option to move to another provider. Being tied to a
specific cloud service that is only available from one provider is a form of lock-in, and while an organization may be happy to accept that as a price to pay at the beginning, it may lead to much higher costs over time.

Firms are addressing market trends, such as AI, through cloud-powered innovations. Firms are modernizing by providing real-time analytics or enabling customer care bots to deliver personalized assistance. Through cloud financial services, financial institutions gain access to cutting-edge analytics tools that offer valuable insights into market dynamics. Furthermore, AI-driven customer service bots enhance the customer experience by providing timely and relevant information, ultimately improving satisfaction and retention rates.

FIGURE 13: The areas where GenAI will have the biggest impact
Survey question: In which area do you think GenAI will have the biggest impact? (select one). Categories: Internal developer productivity; New or enhanced client-facing services; Business process automation; Don’t know or not sure.
2024 FINOS STATE OF OPEN SOURCE SURVEY, Q17, SAMPLE SIZE=249

Cloud computing also has implications for compliance standards in financial services regulation, with regulatory bodies prioritizing protecting customers and investors against security threats. While the adoption of cloud technology introduces changes to compliance requirements, it also presents opportunities to enhance security measures. Cloud service providers specialize in security
protocols, mitigating risks associated with cyberthreats and malicious attacks. Financial institutions recognize the importance of cloud financial services in bolstering the security of financial operations and thus prioritize its integration into their IT infrastructure to safeguard customer and investor funds.

One way in which FINOS is addressing this is through its 2023 formation of Common Cloud Controls. FINOS Common Cloud Controls is an open standard project, originally proposed by Citi and now open sourced under FINOS, to describe consistent controls for compliant public cloud deployments in the financial services sector. This standard is a collaborative project that aims to develop a unified set of cybersecurity, resilience, and compliance controls for common services across the major cloud service providers. By developing a unified taxonomy of common services and associated threats, the project also sets out to alleviate the systemic risk of cloud concentration, an issue highlighted in recent reports from the U.S. Department of the Treasury [21], the U.K. HMT [22], the European Council [23], and the Monetary Authority of Singapore [24].

A cloud control standard is necessary not only to effectively enhance security and governance protocols in financial services but also to streamline access for all institutions to efficiently utilize public cloud(s). Collaborating across the industry and cloud providers is crucial to ensure uniformity across provider platforms to implement effective multicloud strategies.

Cybersecurity

Security has already come up numerous times in this report, so it's no surprise that cybersecurity ranked second overall in the list of open source technologies that are valuable to the financial services industry. Security has always been a top concern for financial services, and this will not change as cyberattacks increase, with malicious attacks almost double pre-pandemic levels, given the sector's high exposure to cyber risks, with nearly one-fifth of all incidents affecting financial firms (FIGURE 14).” [25] Banks and other financial institutions are committing massive amounts of resources
to securing their data, communications, and software. “JPMorgan Chase, for example, the largest U.S. bank, recently reported experiencing 45 billion cyber events per day while spending $15 billion on technology every year and employing 62,000 technologists, many focused on cybersecurity.” [26]

In response to the ongoing threat, there is a growing body of regulations impacting financial services institutions focused on both the prevention and the reporting of cyberattacks. Recent regulations include the E.U.'s Cyber Resilience Act, introduced in January 2024; the Digital Operational Resilience Act, introduced in January 2023; and the U.S. Securities and Exchange Commission's Rule Amendments to Regulation S-P in May 2024. With this vast amount of expenditure and increasing requirements, there is an opportunity to better leverage open source practices to improve security, which smaller organizations, with smaller budgets, may be better recognizing (FIGURE 10).

[21] The Financial Services Sector's Adoption of Cloud Services, U.S. Department of the Treasury, https://home.treasury.gov/system/files/136/Treasury-Cloud-Report.pdf
[22] U.K. HMT. Critical third parties to the finance sector: policy statement, June 2022.
[23] European Council. Digital finance: Council adopts Digital Operational Resilience Act, November 2022.
[24] Monetary Authority of Singapore. Advisory on Addressing the Technology and Cyber Security Risks Associated with Public Cloud Adoption, June 2021.
[25] [26] International Monetary Fund. 2024. Global Financial Stability Report: The Last Mile: Financial Vulnerabilities and Risks. Washington, DC, April.

The world of cybersecurity is vast, with obligations spanning cybersecurity risk management frameworks, policies, and procedures; incident reporting and response obligations; governance and oversight structures; and third-party risk management provisions, including supply chain risk management. Open source software is not exempt from these regulations, and ensuring that open source software is secure is not only beneficial for the industry but essential. In this report, we primarily focus on the topic that comes up most frequently within our community: secure software development, including supply chain management. We'll also briefly touch on a few other common topics of discussion and potential collaboration raised by our community.

Secure software development is not a new topic; however, there is increased scrutiny on ensuring that open source software (and third-party software) used within financial services institutions is secure and maintained. This is necessary to protect organizations and consumers and to increase confidence in using OSS. Notably, 47% (FIGURE 15) of those surveyed believe that improving secure software development, legal, compliance, or security support would have a significant positive impact on their use of open source, and 46% say that OSS use would increase by using software bills of materials (SBOMs) to improve trust. This data underscores the critical
importance of effective open source consumption and dependency management in mitigating risk. Jeffrey Wayman, Director at Sonatype, says, “More than a decade of our own research has shown that one of the most important factors for reducing open source consumption risk is how organizations select OSS components. Careful selection of OSS components can mitigate risks and reduce technical debt, dependency management costs, and unplanned updates.”

FIGURE 14: The financial sector is highly exposed to cyber risk
Financial institutions, especially banks, are vulnerable to cyber incidents and have experienced notable direct losses from cyber incidents.
Panel 1: Number of Global Cyber Incidents, by Sector, 2004-23 (Thousands)
Panel 2: Losses of Global Cyber Incidents, by Sector, 2004-23 (Billions of US Dollars)
Series shown: Total, Finance, Banks, Insurers, Asset Managers, Public Administration, Retail Trade, Manufacturing, Services, Others
Source: International Monetary Fund, 2024 Global Financial Stability Report, Chapter 3.

Initial component selection is extremely important but is just the beginning; ongoing maintenance and updates are crucial. As discussed earlier (FIGURE 5), only 37% of respondents are extremely confident that the open source components they use are maintained and up to date. This indicates an area for improvement, as complacency in maintaining OSS components can lead to increased vulnerability, risk, and technical debt. According to Sonatype's research [27], “96% of vulnerable downloaded releases had a fixed version available,” indicating that closer scrutiny of versions could significantly reduce risk. Moreover, the risk is no longer solely related to known vulnerabilities. As mentioned earlier, the threat of malicious components has begun to eclipse all other forms of open source consumption risk and led to increased global legislation calling for software organizations to ensure the software they produce is secure by design.

While 46% of respondents recognize that using SBOMs improves component trust, only 12% include SBOM development as part of their OSS contribution process (FIGURE 16). This finding underscores a disconnect between the importance of transparency and the often-unknown risk present within an organization's software supply
chain.

FIGURE 15: Impact of investment on OSS use
To what extent would OSS use change if your organization invested in the following: (select one response per row)
Response options: Increase, Stay the same, Decrease, Don't know or not sure
Rows:
- the non-technical value proposition of OSS
- Improving how we do secure software development
- Improving legal, compliance, or security support
- Using software bill of materials (SBOM) to improve component trust
- Developing a clear and visible strategy of OSS
- Implementing a consistent policy or supporting training and guidance
- Providing automated tooling to support policy
- Implementing or improving an Open Source Program Office (OSPO)
- Improving communication between engineering and application security teams
Source: 2024 FINOS State of Open Source Survey, Q24, sample size = 249

FIGURE 16: Steps followed for OSS code contribution
What steps are followed for contributing OSS code in your organization? (select all that apply)
Security and vulnerability testing: 50%
Code review by peers: 47%
Legal/compliance approval and sign-off: 35%
Functional software quality assurance testing: 34%
Component documentation: 32%
Recording of time spent contributing: 28%
SBOM development: 12%
Don't know or not sure: 8%
Source: 2024 FINOS State of Open Source Survey, Q27, sample size = 235, valid cases = 235, total mentions = 583

[27] https:/

Supply chain management and secure software development are undoubtedly complex. During interviews for this report and at the most recent Open Source in Finance Forum event, our community shared its diverse insights and tips on this topic. A sample of these follows.

INGESTION AND SELECTION: Focus on the careful selection of open source and third-party software, and identify all the ways that software is coming into your organization. Use only the best, most actively supported OSS components, evaluating OSS against criteria such as known vulnerabilities, age, and average remediation/update times to ensure quality. Build relationships with key projects and their developers, and even consider paying maintainers. According to Tidelift, “paid maintainers complete security and maintenance tasks more often than unpaid maintainers.” [28]

SECURITY AND MONITORING: Continuously track, monitor, and improve the security of OSS that is being consumed. Ensure developers understand how and where they consume OSS spanning the entire software development lifecycle (SDLC), with dependencies being identified at build time. Integrate security scanning as frequently as possible, and incorporate it directly into development tools. Verify the authenticity of the software that's running in your organization, leveraging SBOMs, attestations, and provenance metadata.

POLICIES AND PROCESSES: Build tools and processes to help your engineers make good decisions without placing all of the burden on them. Establish guidelines for the timely mitigation of vulnerabilities based on their severity, and require immediate remediation of suspected malicious packages. Implement processes to ensure the guidelines are met. Recognize that these practices are crucial across all technologies, including efforts in AI and cloud.

[28] https:/

There are numerous open source tools, resources,
and initiatives available to help organizations develop secure software and implement robust supply management practices.

SECURE SOFTWARE DEVELOPMENT AND SUPPLY CHAIN RESOURCES

Open Source Security Foundation (OpenSSF): Cross-industry initiative aimed at improving the security of open source software by addressing all aspects of the software supply chain, providing collaborative open source projects, guidelines, frameworks, tooling, training, and certifications.

Linux Foundation Training & Certification: The Linux Foundation offers over 40 trainings and certifications, many of which are free, focused on a wide range of cybersecurity topics, including secure software development, supply chain management, understanding threats and vulnerabilities, DevSecOps, Kubernetes, and more.

Sonatype's Annual State of the Software Supply Chain Report, available in October 2024: Sonatype's 10th annual report provides a comprehensive view of the software supply chain's evolution, current dynamics, and future outlook across the key themes of scale, risk, optimization, and collaboration.

Another area of potential collaboration focuses on sharing information related to cyber incident responses. Pooling information on emerging threats and collaboratively identifying best practices for financial institutions can help reduce the time it takes to respond to incidents, minimize the impact of cyberattacks, and build knowledge of better cyber practices. One such collaborative effort is OpenSSF Siren, which aggregates and disseminates threat intelligence specific to open source projects. Hosted by OpenSSF, this platform provides a secure and transparent environment for sharing Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with recent cyberattacks. [29]

Finally, several members of our community recently engaged in a table top exercise (TTX), authored and led by ControlPlane, focused on incident responses. This discussion-based exercise explored incident response plans and procedures, including the importance of treating incident response not just as a process or policy but as something that needs to be tried and tested much like anything else. The group recognized the value of ensuring good communication across all areas of an organization and that, while technical skills are essential, so too are the soft skills that enable individuals under pressure to communicate and respond calmly to a rapidly developing situation. There was also consensus that confirming or denying the threat and the relevant blast radius (those side systems or services that could suffer impacts apart from the original target system) remains a critical priority. As Ashley Ward, CTO at ControlPlane, points out, “just as open source and cloud native technologies allow us to develop solutions faster than ever, our TTX brought to the floor how important it is to recognize that these fast-paced environments can present challenges for traditional tooling and ways of working.” [30]

[29] https://openssf.org/blog/2024/05/20/enhancing-open-source-security-introducing-siren-by-openssf/
[30] Interview with Ashley Ward, August 19, 2024

Conclusions and actionable insights

Increasing recognition of the value of open source for financial services is driving a continued focus on consumption alongside greater contribution in open source projects and standards across a growing number of areas. Newer initiatives around AI, such as Open RegTech and OS-Climate, are joining long-standing efforts related to open source readiness, cloud, and interoperability. This greater breadth of collaboration is also benefiting from increased diversity in the community both at the organization level (record numbers of buy-side interest and new tech companies) and at the individual level. While the contribution trend for financial services is positive and the gap is closing, it still lags other industries when it comes to
contribution, which is costly and will slow innovation.

INVESTMENT IN OPEN SOURCE MANAGEMENT AND SECURITY CONTINUES TO BE IMPORTANT

OSS continues to play a crucial role in financial services, offering benefits such as reduced costs, enhanced innovation, and faster time to market. With the substantial amounts of open source consumed, security of open source components remains a significant concern, and the confidence in the maintenance and security of the OSS components organizations rely on has room for improvement. Financial institutions must adopt a proactive approach to managing their use of OSS, ensuring that the components they rely on are secure, well maintained, and up to date. This proactive management includes implementing rigorous selection criteria for OSS components, investing in tools that track and manage open source consumption, and participating in the broader open source community to contribute to the maintenance and improvement of critical software.

COLLABORATION AND STANDARDIZATION HELP THE INDUSTRY CAPITALIZE ON STRATEGIC TECHNOLOGIES

Accelerating innovation is a key advantage of collaboration and standardization in the financial services industry. By engaging in open collaboration with industry peers, financial institutions can share diverse perspectives and experiences, resulting in more robust and innovative solutions that address common industry challenges and benefit all organizations. These collaborations deliver essential open source software and standards, including in strategic areas such as cloud computing, AI, interoperability, regulatory compliance, and security. They also provide an ideal opportunity to develop governance frameworks and compliance controls that accelerate the use of strategic technologies, enabling firms to spend increased time on software that provides a competitive advantage and delivers value to its end users. Actively contributing to open source software and standards also reduces technical debt and helps ensure that the software the industry relies on aligns with its needs, providing further monetary and business value. Organizations should proactively dedicate resources to collaborate on open software, standards, tools, and frameworks, including in areas like cloud, AI governance, and security. These efforts will accelerate innovation and lead to a more efficient, secure, and interoperable ecosystem at a reduced cost to each individual firm.

We invite organizations to leverage the insights and tools provided in this report and to actively engage with open source communities and initiatives in any way their current level of open source maturity permits. Doing so will enhance operations, benefit employees, and also contribute to the broader industry's innovation, security, and resilience. Together, we can drive the financial services sector forward, ensuring that it remains competitive and capable of addressing future challenges.

Methodology

This research report draws on survey data, industry data, and insights culminating from a series of qualitative interviews. Senior IT leaders fluent in open source technologies, communities, and challenges provided their insights.

In-depth interviews

We recorded the interviews to enable the production of transcripts. These transcripts were strictly controlled and used only for the purposes of this report. If an interviewee did not permit recording, we took detailed notes instead. We also shared questions for completion via email. Unless the named individuals and/or their organizations gave explicit approval for the quotes, we anonymized the sources.

About the survey

From May to June of 2024, FINOS and its research partners fielded a worldwide survey of qualified individuals within (or providing services to) the financial services industry on various questions related to organizational open source consumption, contribution, opportunities, and challenges. The quantitative survey was designed to engage key stakeholders at the intersection of open source and financial institutions, including developers, IT leaders, executive management, security, legal, procurement, and human resources. This was combined with distillation and benchmarking of previous work conducted by the Linux Foundation and FINOS. The survey was distributed and promoted across research partner social media channels, websites, newsletters, and direct email campaigns. The survey sample also included qualified responses from a third-party panel provider. The data from the 2021, 2022, and 2023 studies and this 2024 survey are openly available on data.world.

Like last year, this 2024 survey primarily focused on both end-user organizations and fintech vendors. End-user organizations are primarily consumers of IT products and services, whereas fintech vendors are primarily producers of IT products and services. We made comparisons between 2021, 2022, 2023, and 2024 questions where possible. Percentage values in charts may not add up to 100% due to rounding.

Screening criteria

The qualified sample size analyzed for the 2024 survey was 249. This sample size reflects those respondents who passed various screening and filtering criteria, including the following:
- A respondent had to be employed full-time or part-time or be self-employed.
- A respondent had to be employed within or working closely with the financial services industry.
- A respondent had to be somewhat familiar, very familiar, or extremely familiar with their organization's approach to open source.
- A respondent had to self-identify as a real person.
- A respondent had to answer the first content question after the screening and demographic questions.

The margin of error for this sample size (N=249) is +/-5.2.1% with 90% confidence.
Year-over-year comparisons

We made comparisons between data collected in 2021, 2022, 2023, and 2024, question and response design permitting. Respondents had to answer nearly all questions in the survey, so there are situations when a respondent is unable to answer a question because it is outside the scope of their role or experience. For this reason, we presented a “Don't know or not sure” (DKNS) response to the respondent. The share of DKNS responses in a question influences the percentage values of the remaining responses. Generally, we present the percentage of respondents who answer DKNS as a valid response to each question. One exception is when we are performing year-over-year comparisons. Differences in the percentage of DKNS responses between questions year over year will skew the comparative results. Therefore, when performing year-over-year comparisons, we exclude DKNS responses and recalculate percentages so that we have a normalized basis for comparing the remaining percentage values.

Demographics

FIGURE 17 presents demographic data from the survey. This was a worldwide study, with 39% of respondents residing in North America, 28% in Europe, and 29% in Asia-Pacific countries. We show the company size data (number of employees) in the second panel as aggregated into four categories. We included all company sizes in the survey sample, but when we used this variable for segmentation, we decided to exclude organizations with fewer than 250 employees due to a lack of data reliability. The third panel classifies the organization of the respondents and shows that 58% of respondents work in financial institutions and that 35% are employed in the fintech/financial services sector.

FIGURE 17: Selected demographics from the 2024 FINOS State of Open Source in Financial Services Survey
Please select the geographic region in which you reside. (select one)
North America: 39%; Europe: 28%; Asia-Pacific: 29%; Other: 4%
Please estimate how many employees the organization you work for has worldwide. (select one)
1 to 249: 6%; 250 to 999: 37%; 1,000 to 9,999: 30%; 10,000 or more: 27%
What option best describes the organization you work for? (select one)
Financial institution: 58%; Fintech/Financial services vendor: 35%; Other: 7%
Source: 2024 FINOS State of Open Source Survey, Q34, Q7, Q5, sample size = 249

Resources

Reports
- A Guide to Enterprise Open Source
- The 2023 State of OSPOs and OSS Initiatives
- World of Open Source: Europe Spotlight 2023
- 2023 State of Open Source in Financial Services Report
- 2022 State of Open Source in Financial Services Report
- A Deep Dive into Open Source Program Offices: Structure, Roles, Responsibilities, and Challenges
- A Guide to Open Source Software for Procurement Professionals
- Addressing Cybersecurity Challenges in Open Source Software
- The Case for Confidential Computing

Guides & Training
- Open Source Body of Knowledge
- Open Source Maturity Model in Financial Services
- A Beginner's Guide to Open Source Software Development (Free Training)
- Using Open Source Code
- Open Source Consumption Manifesto
- State of the Software Supply Chain
- Releasing Internal Code into a New Open Source Project
- Marketing Open Source Code
- Open Source Program Office 101 (Free Training)
- Introduction to FDC3 (Free Training)
- Developing Secure Software (Free Training)

SIGs and Projects
- FINOS Project Landscape
- Open Source Project Catalogs (FINOS, Linux Foundation, Apache Foundation, Eclipse Foundation)

Acknowledgments

This report and the research behind it would not have been possible without the contributions of many individuals. Beginning with the research team partners, the authors wish to thank the entire FINOS and Linux Foundation teams, including Gabriele Columbro, Jane Gavronsky, Maurizio Pillitu, Aaron Griswold, Win Morgan, Niamh Parker, Kendall Perez, Anna Hermansen, Stephen Hendrick, Mia Chaszeyka, and Noah Lehman. Together, this group facilitated various aspects of the research and supported interview outreach. We would like to thank Jeffery Wyman and Sonatype for helping to distribute the survey and for providing valuable insights and input for the survey and report. Finally, thanks to all who continue to contribute to open source in the financial services industry.

To reference this work, please cite as follows: Hilary Carter, Cara Delia, Tosha Ellison, Colin Eberhardt, and Adrienn Lawson, “The 2024 State of Open Source in Financial Services,” foreword by Rhyddian Olds, The Linux Foundation, September 2024.

Founded in 2021, Linux Foundation Research explores the growing scale of open source collaboration, providing insight into emerging technology trends, best practices, and the global impact of open source projects. Through leveraging project databases and networks, and a commitment to best practices in quantitative and qualitative methodologies, Linux Foundation Research is creating the go-to library for open source insights for the benefit of organizations the world over.

The Fintech Open Source Foundation (FINOS) is an independent nonprofit organization focused on promoting open innovation during a period of unprecedented technological transformation within financial services. FINOS believes that organizations that embrace open source software and common standards will be best positioned to capture the growth opportunities presented by this transformation.

GitHub is the developer company. We make it easier for developers to be developers: to work together, solve challenging problems, and create the world's most important technologies. We foster a collaborative community that can come together, as individuals and in teams, to create the future of software and make a difference in the world.

At Scott Logic, we love difficult. Our 300 U.K.-based consultants collaborate with some of the world's biggest enterprises, providing a pragmatic approach to software development and delivering measurable value through insightful technology advice. Our mission is to help our clients envision, design, build, and run the software applications that meet their needs and deliver the unique services their customers demand.

Red Hat is the world's leading provider of enterprise open source solutions, including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network

2024 FINOS
This report is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International Public License.