The FINOS 2022 State of Open Source in Financial Services (OSinFSI) Report sheds light on the security challenges facing the financial services sector and on the role open source software plays in addressing them. Because many business leaders are unfamiliar with how open source software should be managed, this article offers high-level guidance on consuming and contributing to open source securely.
Today we’re very excited to present FINOS Security Scanning, a FINOS initiative for driving security best practices across our hosted projects. It lets FINOS project maintainers quickly enable continuous scanning on their hosted codebase, as one more option in their security toolbox.
How the Symphony Software Foundation enforces IP Compliance of their hosted code
At the Symphony Software Foundation we care a lot about IP Compliance of the software we host, which is why we:
1. Define a Contributor License Agreement (CLA) that must be signed either by the individual contributor or by his/her employer
2. Securely store data capturing user affiliations, employers and CLAs in our internal infrastructure
3. Require project leaders to validate whether the contributors (commit authors, in GitHub lingo) of each code contribution are covered by a CLA signed with the Foundation
On April 28, we hosted our very first Project Automation Panel, specifically tackling the NodeJS ecosystem.