In partnership with Mend, the Fintech Open Source Foundation (FINOS) recently published its report, “The 2022 State of Open Source in Financial Services.” The report serves up a set of fascinating insights into the pace of open source adoption in the financial services sector. From optimizing benefits to overcoming obstacles, the report provides a valuable snapshot of open source software adoption in finance. Here’s a quick look at the report’s key findings.

Every federal administration for the past 20 years has issued a cybersecurity strategy, so in one sense the National Cybersecurity Strategy issued by the Biden administration on March 2, 2023 is not unexpected. The big difference, however, lies in the recommendations: For the first time, the government is pressing for regulatory mandates on key industry sectors that control wide swathes of critical infrastructure nationwide.

Recent high-profile software supply chain breaches have sharpened the focus on application security. But as cybersecurity professionals know all too well, concern doesn’t always equate to action. In theory, the rise of DevSecOps best practices that shift responsibility for application security further left should reduce the number of vulnerabilities that now routinely make it into production applications. However, real life is a little messier.

Threat actors will always target the things most important to businesses, and today, that means applications–the lifeblood of the global economy. As the recent Mend Open Source Risk Report reveals, the ongoing rise in open source vulnerabilities and software supply chain attacks presents significant business risk. The number of open source vulnerabilities are growing, just as threat actors are launching increasingly sophisticated attacks.

Continuous integration/continuous delivery (CI/CD), promises to help deliver software faster and more reliably. It does this by pushing frequent updates and fixes regardless of size and using automation tools to help the process run smoothly. According to Gartner, CI/CD is the most common agile practice currently being adopted by organizations. So how does CI/CD work and why is it critical for DevOps teams?

Threat actors operate by an ironclad rule: If it’s important to businesses, it’s important to them. And they certainly understand the crucial business role of applications. Applications are now the number one attack vector, while software supply chain attacks increased 650 percent in a year. Clearly, if you don’t already have a modern application security program, you need to build one. But how do you make sure that your program will be effective?

Effectively managing the many open source licenses used in enterprise software is a complex task that requires a thorough evaluation of key features in software license management tools. After that, you need to implement the technology using several best practices. In this blog post, let’s take a brief look at both.

Threat actors today are increasingly targeting the application layer, driving significant challenges for companies using traditional application security strategies. To defend themselves against the rapidly evolving threat landscape, organizations need to build a modern AppSec strategy that addresses these fast-changing conditions. But how?

The containerization of software and applications continues to escalate, and although alternatives have emerged to challenge Docker, it continues to enjoy major adoption by developers for building and sharing software and apps. In 2022, Docker estimated that 44% of developers are using some form of continuous integration and development with Docker containers.

More and more companies are using more and more open source. The stats I’ve seen say seventy to seventy-five percent of all applications use open source or have some type of open source associated with them. I think that number is actually higher. Of all the companies that I’ve worked for, just about every single application has some type of open source associated with it.