Community Blog

Maurizio Pillitu

Open Source in Financial Services: Security and Resilience in Times of Economic Uncertainty

February 02, 2023

Maurizio Pillitu

Leave a comment

The FINOS 2022 State of Open Source in Financial Services (OSinFSI) Report sheds light on the precarious security challenges in the financial services sector and the crucial role open source software plays in mitigating these risks. Though many business leaders may be unaware of the proper management of open source software, this article aims to provide high-level insights for secure consumption and contribution to open source.

Introducing FINOS Security Scanning

October 24, 2022

Maurizio Pillitu

Leave a comment

Today we’re very excited to present FINOS Security Scanning - a FINOS initiative for driving security best practices across our hosted projects. This helps FINOS project maintainers quickly enable continuous scanning on their hosted codebase, as an additional tool of security options.

Meet cla-bot, Our IP Compliance Minion

August 03, 2017

Maurizio Pillitu

Leave a comment

How the Symphony Software Foundation enforces IP Compliance of their hosted code

At the Symphony Software Foundation we care a lot about IP Compliance of the software we host, which is why we:

1. Define a Contributor License Agreement (CLA, that must be either signed by the individual or his/her employer)
2. Securely s t ore data capturing user affiliations, employers and CLAs in our internal infrastructure

3. Require pro ject leaders to validate whether the contributors (or commit authors, in GitHub lingo) o f each code contribu tion are covered by a CLA signed with the Foundation