Open Source in Finance Forum London 2024

Choosing between Open source vs proprietary for enterprise solutions has always been a battle of pros and cons of both the paradigms. Though open source promises to generally boost flexibility, agility and happens to be cost-effective as well, there are increased concerns around the trust worthiness of Open source components. Due to the nature of open source components, the surface area of potential attacks are also relatively high especially when these are employed by financial firms. These become hotspots for attackers to gain access to sensitive data. Thus, the problem statement reduces to a "supply chain" problem. This presentation provides an insight into exploitation methods employed by attackers specifically in the context of Open source components (with specific focus on Supply Chain attack), risk identification and mitigation strategies (Secure SDLC practices with focus on Supply chain security). In order to effectively identify relevant risk(s), it is important to defend the OSS components through out the lifecycle.The presentation also focusses on best practices which includes a novel approach to ensure OSS maturity via a checklist and appropriate control gates.