FinTech software developer? Top 4 open source management risks to avoid

February 26, 2015 Rami Sass

As a software developer developing software for financial institutions, you know that you cannot deliver anything short of a faultless solution.

Financial institutions are highly regulated customers and what the legislator demands of them, they in turn demand of their suppliers.

So one of the requirement is for you to provide an impeccable, well managed and thoroughly documented solution.

This means carefully managing, documenting and reporting the open source components being used in your software.

At WhiteSource, we see how companies like yours manage their open source software. We see what their challenges are and how our software helps them handle these challenges. Here are some of the issues software companies are struggling with and the resulting top risks you'd want to avoid:

1. Failing to identify and manage open source dependencies

Most open source components rely on other open source components (commonly referred to as dependencies). Those are often missed when documenting open source manually.

It is important to know of the dependencies because quite often they have different licenses.

WhiteSource Research: in 64% of open source components checked, dependencies had different licenses than the open source components that used them

2. Failing to set open source policy

Your way of doing business, your customers and your technology should all affect your open source policy. Without a set policy, it is hard to …

WhiteSource Research: 27% of companies surveyed do not have a well-defined open source policy

learn how to choose the open source solution that fits your needs

3. Failing to know when the open source policy is violated

Having an open source policy is great, but will not help you much if you do not know when it is violated and rectify the situation.

WhiteSource Research: 91% of companies with well-defined open source policies do not know when they are violated

4. Failing to update open source components for security issues and other bugs

Like any software, open source components may occasionally suffer from security vulnerabilities and bugs. The good news: there is an entire community that uses, checks and fixes these components when necessary. It is up to you though, to learn of security vulnerability alerts and new versions, and update your software when necessary.

WhiteSource Research: In commercial projects analyzed, over 95% of vulnerable open source components had a newer version available

Developing FinTech software? Here is how you can do things differently:

  1. Know what open source components you are using, including dependencies, and their licenses
  2. Set an open source policy and enforce it
  3. Be alerted when the policy is not adhered to
  4. Get alerts when security vulnerabilities are discovered and when new versions are available

Contact WhiteSource and start doing all of that, EFFORTLESSLY!

 

Previous Article
FFIEC Guidance: the effortless path to controlling risks when using open source components
FFIEC Guidance: the effortless path to controlling risks when using open source components

The FFIEC (Federal Financial Institutions Examination Council) has released the "Risk Management for the Us...

Next Article
Developing software for financial institutions? Top 5 mistakes engineering executives make when it comes to managing open source
Developing software for financial institutions? Top 5 mistakes engineering executives make when it comes to managing open source

Financial institutions are demanding customers. They are highly regulated and closely monitored. Software...