
SQS: FiServ Mobile Apps and Open Source Software

December 11, 2024

By: Julian Brook

A recent study of 542 developers, carried out by IT analyst firm Forrester, suggested that as many as 92% of banks have been using open source software (OSS) to develop mobile apps.

 

Indeed, open source software is helping financial institutions in many different ways, including:

1. Faster customer uptake: releasing code to the open source community can encourage developers to embed a new service into a wide variety of applications, web sites and services.

2. Bring software to market more quickly: open source software is often at the forefront of new technology, so organisations benefit by bringing new services and features to market more quickly.

3. Improve flexibility: open source software tends to use open standards and therefore reduces vendor or technology lock-in.

4. Reduce development costs: using open source not only means reducing software purchasing costs, it also means less development effort, less testing effort and over time reduced maintenance effort.

5. Improve quality: using software that has already been proven in the field reduces the likelihood of quality issues. Access to source code also reduces dependency on a third party and empowers users to either fix issues directly or ask the community of developers if they are unable to resolve an issue.

 

The risks of using open source in mobile payments

However, without the right governance processes, open source does present risks which can impact brand, competitive advantage and the bottom line. Risks increase when open source has been used in an ad-hoc and unstructured manner, and include:

1. Legal: users need to ensure that any open source software use is in compliance with each and every license.

2. Intellectual Property: some open source licenses require their license terms to be applied either to the entire piece of software the open source is included in or to any modifications made to the open source code. This reciprocal concept is also known as “copyleft” and some commentators refer to these types of licenses as “viral licenses.”

3. Security: it is worth noting that open source code is often argued to bring security benefits due to its open, peer reviewed nature, and the speed of security fixes. However, without knowing what code and components are in use, how can an organisation and its customers be protected from new security threats in those components?

4. Quality: as with all code, some is well written, adhering to good software engineering practices and coding standards and accompanied by good unit tests and documentation, while other software may fall short of expected standards, may not be a suitable technical fit for the overall software architecture, or may lead to technology proliferation.

 

Governing Open Source

Many financial organisations have no strategy, policy or process in place for the governance of open source. This means they are at best using open source in a non-strategic manner or, worse still, proactively avoiding its use. The result is that open source is unlikely to be delivering the maximum business benefit.

As developers can easily download open source software from the Internet, free of charge, the due diligence that would usually be overseen by the procurement department when bringing third party software into an organisation is not undertaken. This leads to unmanaged risks.

Having a policy and process to maximise and govern positive open source use helps organisations to realise the full benefits of open source and manage the risks appropriately. Initially, the organisation needs a clear vision and strategy on the levels of engagement with open source.

Key questions include:

• how will open source be consumed?

• how will teams contribute to open source projects?

• how does open source align with business strategy?

 

Answers can inform the policy and process, and determine how to:

• align technical, legal, security, procurement and other teams to achieve a suitable level of due diligence when selecting open source and automate decisions around open source as much as possible

• avoid introducing issues and risk in the first place

• detect and catalogue open source usage as software is developed

Good open source software development governance brings further benefits, such as increased standardisation of the code and components in use across an application estate; this helps focus technical knowledge and expertise on the open source software in use and increases resource flexibility across the organisation.

 

 

Julian Brook, Associate Director, SQS Group

A seasoned consultant with over 15 years’ experience in IT, who is passionate about improving the quality and effectiveness of software development. Julian has a good knowledge of the UK m-payment landscape, including experience working on m-payments solutions for Monitise and Barclays, as well as exploring and discussing the opportunities and risks of Open Source software with the Payments Council, Vocalink and Pinsent Masons.

 

Julian has expertise in implementing and improving testing and quality in more than 50 projects across a variety of industry sectors and systems, with a focus on improved quality and effectiveness.