The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source in Finance Forum London 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Choosing between open source and proprietary software for enterprise solutions has always meant weighing the pros and cons of both paradigms. Although open source generally promises greater flexibility and agility and is cost-effective as well, there are increased concerns about the trustworthiness of open source components. Due to the nature of open source components, the potential attack surface is also relatively large, especially when they are employed by financial firms. These components become hotspots for attackers seeking access to sensitive data. Thus, the problem statement reduces to a "supply chain" problem. This presentation provides insight into the exploitation methods attackers employ against open source components (with a specific focus on supply chain attacks), risk identification, and mitigation strategies (secure SDLC practices with a focus on supply chain security). To identify the relevant risks effectively, it is important to defend OSS components throughout the lifecycle. The presentation also covers best practices, including a novel approach to ensuring OSS maturity via a checklist and appropriate control gates.