Community Blog

OSinFinance Webinar: Assessing your open source security

Written by FINOS Team | 1/23/25 4:05 PM

Discover actionable strategies for managing open source dependencies and reducing vulnerabilities. Learn how to leverage Dependency Consumption Analysis, a free FINOS member benefit powered by Sonatype, to improve software security.

Watch an engaging session in the Open Source in Finance Webinar Series.

Speakers: Brian Fox, Co-Founder & CTO, Sonatype. Tosha Ellison, Strategic Advisor, FINOS.

Dependency Consumption Analysis

This detailed discussion centers on the critical role of open source dependencies in modern software development, specifically within the financial services sector. The speakers highlight the extensive use of open source components, which constitute approximately 90% of a typical application, and address the often-underestimated scale at which organizations consume these components.

Emphasizing the importance of properly managing these dependencies, the speakers discuss the benefits, such as improved software quality and business value, and the challenges, including security vulnerabilities in consumed components and regulatory compliance. The webinar also provides insights into tools and methodologies for managing these dependencies, the significance of developer training, and the evolving landscape of software supply chain attacks. The goal is to help organizations understand their open source consumption, mitigate risks, and adopt better practices for secure and efficient software development.

SLIDES

Chapter Time Stamps:

00:00 Introduction to Open Source Dependencies

00:24 The Prevalence of Open Source in Modern Applications

02:55 Challenges and Benefits in Financial Services

04:17 Early Adoption and Industry Trends

05:06 Security Concerns and Componentization

05:31 FINOS Report Insights

08:13 Confidence vs. Reality in Open Source Management

11:11 Dependency Consumption Analysis

11:52 Visibility and Risk Management

16:25 Case Studies and Real-World Examples

25:53 Developer Behavior and Organizational Impact

28:27 Understanding Licensing and Policy Violations

29:06 Outdated Infrastructure and Shadow Downloads

30:14 Open Source Supply Chain Attacks

31:25 The Rise of Malicious Components

33:11 Combating Malicious Components

35:47 Proactive Measures and Real-Time Data

46:54 Empowering Developers with Better Tools

52:04 Integrating Tools in Legacy Systems

54:54 Q&A and Final Thoughts


Interested in FINOS open source projects? See the resources below to find out how to get involved in the FINOS Community.


FINOS Good First Issues - Looking for a place to contribute? Take a look at good first issues across FINOS projects and get your feet wet in the FINOS community.

State of Open Source in Financial Services Report 2024 - Learn about what is really happening around open source in FSI.

This Week at FINOS Blog - See what is happening at FINOS each week.

FINOS Landscape - See our landscape of FINOS open source and open standard projects.

Community Calendar - Scroll through the calendar to find a meeting to join.

FINOS Slack Channels - The FINOS Slack provides our Community another public channel to discuss work in FINOS and open source in finance more generally.

Project Status Dashboard - See a live snapshot of our community contributors and activity.

Events - Check out our upcoming events or email marketing@finos.org if you'd like to partner with us or have an event idea.

FINOS Open Source in Finance Podcasts - Listen and subscribe to the first open source in fintech and banking podcasts for deeper dives on our virtual "meetup" and other topics.