Keeping up with the latest news and updates is almost impossible in the ever-changing landscape of fintech. The Hot Topics track at OSFF will break down some of the updates and show how they can impact finance! Learn how financial institutions can protect themselves during development, provide a more inclusive user experience, explore a new use case for blockchain, and more!
11:15 AM EST - Open Source Supply Chain Threat Landscape - A Moving Target
Brian Fox - Cofounder & CTO, Sonatype
There are growing numbers of organized attackers whose sole focus is exploiting vulnerabilities in open source ecosystems, frequently by making their malware appear legitimate. Security and development teams need to understand the cascading impacts and changing landscapes of these exploitations, and put developer-first security tools in the hands of developers everywhere. This talk explores how attacks have evolved over the last 15 years and provides a framework to mature your process and counter the latest types of attacks.
11:55 AM EST - From Security Testing to Deployment in a Single PR
Sarah Khalife - Enterprise Solutions Engineer, GitHub
Securing the app development lifecycle early on and incorporating security through a transparent and consistent process is key in building any production-level application. On a daily basis, how often do you build your application? Now think, how often do you scan for vulnerabilities in the code? This is mostly an afterthought, and is not always considered the easy part of developing any application. The recent vulnerability exploits reinforced the need for a secure development lifecycle. Simplifying and automating the process all in a single pull request makes it much easier for any app developer to add security in their pipeline. This talk will cover how to leverage available open source tooling to build and test an application, run security scans across it, and package it for shipping. The session will also provide a step-by-step demonstration on how to set it up all within a pull request and push the application to a production environment in a consistent manner.
1:55 PM EST - Proactive and Polymorphic Adaptation of Multi-Cloud Deployments
Katarzyna Materka - Cloud Computing Unit Director, 7bulls.com
During the session, entitled “Proactive and polymorphic adaptation of multi-cloud deployments”, Katarzyna will present how to implement Multi-Cloud native strategies using an advanced open-source framework. Such a framework allows for Cloud-agnostic Cross-Cloud deployment and optimized management of a Cloud application based on flexible monitoring, context-aware maximization of the application owner’s utility of the deployed application, and autonomic reconfiguration based on the application’s current execution context. During this session, we provide a practical introduction to Multi-Cloud application modelling, configuration, deployment, and adaptation. All stages of the Cloud deployment planning and designing process will be shown. Also, all the key steps in the deployment and autonomic application management will be demonstrated.
2:35 PM EST - Building a Secure Open Source Project on GitHub
Philip Holleran - Field CTO - Americas, GitHub
Deciding to open source a project leads to a number of security-related questions within firms, including: How can we assure the code we are releasing and accepting is as secure as possible? How do we respond if someone finds a vulnerability? GitHub provides several security tools and capabilities free of charge for all open source projects.
This talk will cover how to use GitHub to:
- Protect your project from vulnerable dependencies,
- Scan your code for security vulnerabilities,
- Establish a security policy for responsible disclosure of discovered vulnerabilities,
- Privately collaborate with security researchers to fix identified vulnerabilities before disclosing them to your community
3:15 PM EST - Musical Charts: Using OSS to Make Data Visualizations Accessible to Visually Impaired Users
Julianna Langston - Senior Software Developer, Cosaic
Do you use or produce software that includes charts or graphs? Are you making your charts and graphs accessible to blind users, current or future? Do you have legal requirements to remediate existing charts and graphs for accessibility? If you aren't currently addressing accessibility for screen readers, this talk will cover the industry standards. If you are following industry standards, this talk will cover how underwhelming those standards are, and what you can do about it to set your product apart from the competition. Julianna Langston has written an open source JavaScript library, Chart2Music, which provides an easy way for developers to seamlessly integrate accessibility into their charts and graphs without having to take on privacy or maintenance concerns, and while delivering a delightful experience to end-users.
4:15 PM EST - Open Source Powered Real-Time Fraud Analysis in a Hybrid Cloud Environment
Krishna Ratakonda - VP & CTO, IBM Cloud for Financial Services, IBM
Yichong Yu - Senior Solutions Architect, IBM
Real-time analytics could help financial institutions create an enhanced customer experience, combat fraud, and manage risk better. This talk uses credit card fraud detection to demonstrate how to combine the power of open source and closed source to build and train the AI model for fraud detection on the Cloud and deploy it for real-time fraud detection on the mainframe at scale. Credit card transactions are typically processed on a mainframe. Training the model is more convenient in a Cloud setting where the on-premise transaction data and other relevant third party data are brought into a secure environment compliant with financial industry regulations. This talk shows how to build and train deep learning models using TensorFlow on the Cloud and persist the trained model in an open standard format (ONNX). Finally, the trained model is deployed on the IBM mainframe, where the Telum AI Accelerator is used for real-time in-transaction inference at scale. The pattern described in this talk could be applied to other use cases in the financial industry and beyond. Open source and closed source software can work in harmony to solve many real-world problems in a hybrid multi-cloud environment.
4:55 PM EST - Bringing Blockchain-Backed Provenance to Financial Services
Duncan Johnson-Watt - CEO, BTP
Csilla Zsigri - VP Strategy, BTP
In a report entitled Time for Trust: The trillion-dollar reasons to rethink blockchain, published in 2020, economists at PwC identified provenance as the number one application area that is not only driving the adoption of distributed ledger technology, but also has the potential to yield the most economic value. Payments and financial instruments are the runners-up, so why not combine the two?
In this session, we will discuss why provenance matters and how the financial services industry can benefit from a blockchain-backed provenance solution – through the eyes of corporate actions.
A corporate action is an event that materially impacts an organization and its stakeholders. Typical corporate actions include the payment of dividends, mergers, acquisitions, spinoffs, among other events. A single event may involve hundreds of market participants, and may cascade down to thousands of investors. The management of corporate actions is a complex process, and to a large extent, it’s still manual. Errors in the handling of a corporate action may result in major financial losses.
The ability to digitally and immutably record the issuance of a corporate action, as well as its entire life journey, has the potential to substantially improve corporate actions management.
Closing with a demo of provenance in action, we will showcase BTP’s Chronicle, a blockchain-backed, domain-agnostic solution for immutably recording provenance data, in this case applied to corporate actions.
Interested in learning more about OSFF? Check out our website for the full schedule and register today!