Open Source in Finance Forum London 2024

This talk highlights the latest regulatory requirements for OSS management in the financial sector, emphasises the importance of implementation and introduces guidelines, with a focus on ISO 18974. Security incidents over the past years have shown the consequences of vulnerabilities within the OSS ecosystem and painfully exposed that many organisations are still not adequately managing the security of OSS. In this regard, financial institutions are exposed to a high risk, as they are not only part of the critical infrastructure but also of a complex supply chain within the interbank market. Regulators react to the increasing cyber security risks, e.g. by the "US Executive Order on Improving the Nation's Cybersecurity" and EU "Cyber Resilience Act (CRA)" and the "Digital Operational Resilience Act (DORA)". Organisations are now facing the challenge to implement measures for OSS security management to mitigate those risks, but also to fulfil legal requirements, avoid penalties and meet their customers' demands for transparency. ISO 18974 provides valuable guidance on the measures to be taken and thereby increase security within the software supply chain.