Banks grow more open to open source software

Cara Delia, principal vertical community architect for Red Hat, Colin Eberhardt, chief technology officer at the consulting firm Scott Logic, and Hilary Carter, senior vice president of research and communications at the Linux Foundation, participate in the 2022 Open Source in Finance Forum on Dec. 8. The panel discussed the progress banks have made in adopting and contributing to open source software.

Financial services companies are rapidly adopting open source software and they are contributing back to those projects more than in the past. But pockets of resistance still exist, and some banks are still reluctant to have their developers spend their time on open projects, a survey and research report released Thursday found.

So far this year, software developers at financial institutions have contributed just fewer than 536,000 changes to open source projects on GitHub, which is one of the largest hosts of source code. That is 24% more contributions than in 2021, when these developers made just over 429,000 contributions, according to the report from the Fintech Open Source Foundation, a nonprofit dedicated to "accelerating collaboration and innovation in financial services through the adoption of open source software, standards and best practices," according to the organization. 

For its 2022 State of Open Source in Financial Services, the nonprofit's second such annual survey, FINOS counted the number of contributions to open source projects hosted on GitHub by looking at the number of commits coming from users with email addresses associated with a financial services company. A commit is a change to a code base and in this instance serves as a unit of work a developer has spent on a project.

FINOS also surveyed 249 financial services professionals who were familiar with their organization's approach to open source software. Of those surveyed, 87% said open source was "valuable to the future" of the finance industry, and 56% reported their organizations were getting more value from open source software compared to last year.

According to Gabriele Columbro, the executive director of FINOS, the findings show an "acceleration in the engagement in open source" and more financial institutions laying out the foundations they need to continue the momentum. He also said this is a reflection of the nonprofit's work to increase engagement with open source projects among financial institutions.

"While we know there is still a lot of work to do to reach full maturity, we're extremely proud of the major role that FINOS played in opening up financial services to the disruptive innovation benefits open source can deliver to this sector, very much as it has in all other industries in the last two decades," Columbro said.

For Columbro, the survey findings highlight the need for more financial institutions to create Open Source Program Offices. The Linux Foundation, which frequently partners with FINOS including to develop and release the survey report, describes an Open Source Program Office as "a designated place where open source is supported, nurtured, shared, explained and grown inside a company."

Columbro said that, historically, financial institutions have had a hard time trusting open source software for a variety of reasons, including potential licensing and security issues. FINOS exists to address these concerns, he said.

"We've positioned ourselves as a foundation that will look at and take care of the complex security quality and intellectual property validation of the code that gets contributed so that financial services companies' developers can focus on developing great open source code," Columbro said.

The work, he said, has paid dividends. The FINOS survey found that 48% of respondents worked for companies that openly encouraged the consumption of open source software, up from 27% in 2020. Relatedly, 35% of companies surveyed permitted their developers to contribute to open source projects in some circumstances (up from 20% in 2020) while 6% did not permit such contributions (down from 20% in 2020).

The reasons to adopt open source projects go far beyond mere goodwill or dedication to ideals of an open society. For many enterprises, the value in open source is in the benefits around interoperability it brings, according to Hilary Carter, senior vice president of research and communications at the Linux Foundation.

"Open source software helps solve some of the pain points around the lack of interoperability across applications," Carter said.

The open source software projects that financial institutions are adopting reflect this need for interoperability. The FINOS survey found cloud and container technologies were the most common type of projects that financial companies were adopting, with 60% reporting use of this kind of open source project.

Containers are a technology that allow the same package of code to run in different computing environments, which is useful for ensuring that code produces the same results in tests as it will when deployed for production. Containers are one part of the wider ecosystem of interoperability tools.

Web and application development were a close second in terms of popularity, with 58% of respondents reporting their company used an open source project in that category. More than half of surveyed financial institutions also use open source projects for DevOps, which are practices associated with keeping software development and deployment harmonized.

Financial institutions disproportionately use Java projects compared with other firms, according to the FINOS data. While just over 11% of GitHub projects are written primarily in Java, just over 50% of commits by financial service users on the platform went to Java-based projects. Although Java has declined in popularity over the years, it has long been a favorite among enterprises.

"Open source is everywhere in financial services," noted Cara Delia, principal vertical community architect for Red Hat. "Being able to grab the attention of the leaders within the organization is going to help with security issues."

When a vulnerability was discovered last year in a commonly used open source program, the Apache Software Foundation's Log4j, bank technologists responded quickly and fixed the vulnerability."Financial institutions were able to answer the needs from a security perspective so quickly because they were modern enough to have open source policies and governance around their activities, contribution and consumption" of open source software, she said.

Institutions still face barriers when considering adopting open source software. The No. 1 obstacle cited in another 2022 survey, this one conducted by software company OpenLogic by Perforce, was "a lack of internal skills to test, use, integrate and support" such projects. The survey included responses from 2,600 software professionals and managers from across all industries and regions, primarily focused on technology companies but also including responses in the financial sector.

While institutions stand to gain by adopting open source code, one benefit of open source software that corporate leaders cannot overlook is the benefit that the developers — the people actually using and building the code — stand to gain from it. That is according to Colin Eberhardt, chief technology officer at the consulting firm Scott Logic.

For one thing, giving developers the opportunity to contribute to open source projects gives them more visibility and cachet in the field. A code commit on an open source project acts as a public signal that a developer is making important contributions to a project that others rely on for their own work, and that is its own reward.

"Taking your code, open sourcing it, and seeing a significant number of other organizations, people benefiting from your hard work, that is fun. That is rewarding," Eberhardt said.

For reprint and licensing requests for this article, click here.
Open source Software development Technology
MORE FROM AMERICAN BANKER