Adopting open source tools can mean more efficient and collaborative workflows, helping teams focus on products that are both secure and forward-thinking, Cau said.

Banks and financial institutions should look to open source technology to enhance the reliability, convenience and security of their products, particularly as consumer behaviour and expectations evolve, Pierluigi Cau told finews.asia in a conversation.

The director of solutions engineering Asia Pacific at GitHub, a code hosting platform for version control and collaboration, discussed the myths and misconceptions of open source security that are hindering its widespread adoption among banking, financial services and insurance firms in the region.

Pierluigi Cau, what are the main myths and misconceptions of open source technology that have so far limited its wider adoption in among financial institutions?

A common misconception about open source tools is that they are less secure than closed alternatives. It is in our nature to believe that our belongings are best kept safe under lock and key, and for some, this can lead to a perception that open source tools are less secure by design. This can’t be further from the truth – security is seen as a key benefit for companies using open source.

More pairs of eyes on open source projects also means greater scrutiny on the code for possible vulnerabilities. The open source and security communities have grown immensely and become very efficient in working together to review, identify and fix issues by leveraging automation to discover and remediate security vulnerabilities in codebases.

Building a culture of collaboration internally not only increases security but it promotes innovation as well.

The same open and collaborative approach can benefit banks and financial institutions, which tend to have strict security requirements. Building a culture of collaboration internally not only increases security but it promotes innovation as well.

Do firms lose a competitive advantage when they let go of proprietary tech?

There is a belief that collaboration and competition are unlikely partners in an industry known to be furiously protective of its proprietary intellectual property. But financial services firms can build software securely by leveraging the open source community’s collective responsibility for developing and maintaining secure code. Teams can rely on existing open source projects to reduce the amount of time and financial resources needed to create secure and innovative products.

Financial services firms can build software securely by leveraging the open source community’s collective responsibility for developing and maintaining secure code. 

Using open source methods and tools can also significantly improve collaboration within teams, enabling them to work across different time zones, as well as organisational boundaries. By giving individuals across different teams a space to contribute unique ideas based on their expertise, these firms can develop innovative products, features, or even solutions for legacy issues.

How should financial services firms approach the adoption of open source technology in their digitalisation journey? 

Banks and financial services firms need to change the way developers and security teams work together to efficiently build and maintain digital products and services. To remain competitive, banks and financial institutions must adopt a shared responsibility mindset to boost the reliability and security of their digital products and services while maintaining velocity. This is at the heart of what we typically refer to as DevSecOps.

Security must be seen as a collective responsibility that requires collaboration from all parties involved in the development life cycle. The key to the success of any software development process is embedding security into every step of the process. By doing so, security vulnerabilities can be found and fixed before the software makes its way into production, facilitating the development of more secure, and in turn, reliable software. Leaders can accomplish this by breaking down silos and introducing collaborative practices and tools.

Financial services institutions can also benefit greatly from the increased speed of detection and enhanced incident responses by using automated error or bug reporting tools. Additionally, fully automated Continuous Integration and Delivery (CI/CD) tools allow developer and security teams to run tests and evaluate new codes, ensuring that any proposed changes do not bring vulnerabilities to existing products. Integrating these tools into open source development processes will create a consistent, repeatable and transparent build environment.

Pierluigi Cau is Director of Solutions Engineering APAC, at GitHub, where he leads the solutions engineering teams across the region. Pierluigi is passionate about building products and fostering high performing, collaborative  teams. Prior to joining GitHub, Pierluigi drove  technology initiatives, leading several global developer teams at Scandinavian digital media holding, Schibsted Media Group. During his tenure, Pierluigi was instrumental in driving product development and deployment projects, and his experience also includes stints at Mesosphere and Negative Labs.