Discover actionable strategies for managing open source dependencies and reducing vulnerabilities. Learn how to leverage Dependency Consumption Analysis, a free FINOS member benefit powered by Sonatype, to improve software security.
Watch an engaging session in the Open Source in Finance Webinar Series.
Speakers: Brian Fox, Co-Founder & CTO, Sonatype. Tosha Ellison, Strategic Advisor, FINOS.
Dependency Consumption Analysis
This detailed discussion centers on the critical role of open source dependencies in modern software development, specifically within the financial services sector. The speakers highlight the extensive use of open source components, which constitute approximately 90% of a typical application, and address the often-overlooked magnitude of these components within organizations.
They emphasize the importance of managing these dependencies properly, covering benefits such as improved software quality and business value alongside challenges including potential security vulnerabilities and regulatory compliance. The webinar also provides insights into tools and methodologies for better managing these dependencies, the significance of developer training, and the evolving landscape of software supply chain attacks. The goal is to help organizations understand their open source consumption, mitigate risks, and adopt better practices for secure and efficient software development.
Chapter Time Stamps:
00:00 Introduction to Open Source Dependencies
00:24 The Prevalence of Open Source in Modern Applications
02:55 Challenges and Benefits in Financial Services
04:17 Early Adoption and Industry Trends
05:06 Security Concerns and Componentization
05:31 FINOS Report Insights
08:13 Confidence vs. Reality in Open Source Management
11:11 Dependency Consumption Analysis
11:52 Visibility and Risk Management
16:25 Case Studies and Real-World Examples
25:53 Developer Behavior and Organizational Impact
28:27 Understanding Licensing and Policy Violations
29:06 Outdated Infrastructure and Shadow Downloads
30:14 Open Source Supply Chain Attacks
31:25 The Rise of Malicious Components
33:11 Combating Malicious Components
35:47 Proactive Measures and Real-Time Data
46:54 Empowering Developers with Better Tools
52:04 Integrating Tools in Legacy Systems
54:54 Q&A and Final Thoughts