The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

Tech Matters with Pete Harris: Risk and Reward in An Open Source World

I just read the latest from Michael Lewis, and while I can’t say I’m fully in agreement with regard to his “rigged market” position, I did find Flash Boys to be a pretty good basic description of high frequency trading and the technologies that underpin it. It was not, however, the main HFT focus that caught my attention but rather the couple of pages it devoted to chastising Goldman Sachs for its attitude to open source.

Goldman – as detailed in a chapter devoted to its one-time employee Sergey Aleynikov, who was subsequently found guilty of source code theft – is seemingly a significant taker but never a giver back when it comes to leveraging open source. That apparently had a bearing on Aleynikov’s sense of right and wrong when he emailed the code to himself, which cost him an eight-year jail sentence.

The giver and taker dynamic of open source was of course highlighted recently by the Heartbleed Bug that affected the OpenSSL code used for (supposedly) secure web transactions. It seems that while the code is very widely used by many big name e-commerce sites, it is maintained by just a handful of IT geeks, all working for free in their spare time. One of them made a simple mistake and introduced the bug, and no one was around to spot it. Hence the concept of software quality through community peer review – a central tenet of the benefits of open source – was dealt a major credibility blow.

Since Heartbleed came to light, steps have begun to be taken to address the open source quality issue, most notably by the Linux Foundation setting up the Core Infrastructure Initiative to financially reward developers for working on key pieces of open source software. Given that it’s backed by the likes of IBM, Google, Facebook, Cisco Systems, Intel, Microsoft and VMware, it gives one an idea of how important open source is to the major providers of IT to the world, and perhaps who else may have been net takers from the community.

Those that leverage open source for revenue-generating and secure applications – and in the financial markets Goldman is hardly alone – need to consider some simple best practices. For starters, determine whether the source code is backed by commercial support services, such as those provided by Red Hat for the Linux operating system and JBoss middleware, and other open source systems software. Alternatively, it is important to establish what real, active and effective community exists to maintain and enhance the code – a process that all those users of OpenSSL clearly fell down on.

Getting back to Goldman, it’s interesting to note that it is active (giving, at least through offering its time and experience) in another facet of open source, that being open source hardware as exemplified by its membership of the Open Compute Project. Set up in April 2011 by Facebook, the OCP is now a broad community with a mission to “democratize access to the best server, storage and data center technologies available” through “openly sharing ideas, specifications and other intellectual property.”

At its roots, the mission of the OCP is to reduce costs of purchasing and operating data centre hardware. Facebook alone reckons the initiative has already saved it $1.2 billion in costs. Corporate members – 150+ at last count – now include IT heavyweights like Intel, Arista Networks and Microsoft, while financial markets players apart from Goldman include Bloomberg and Fidelity Investments. Through a new tiered model, corporate members typically contribute money, time or IP to secure membership at different levels.

Already, the OCP has published specifications for server motherboards (including some specifically for typical financial services workloads), storage and equipment racking. Specs for data centre networking are also being worked on.

The Open Compute initiative is just one of a number of ‘open’ IT thrusts that are gaining momentum as a result of strong corporate champions and focused goals and efforts. The Open Data Centre Alliance and OpenStack – for cloud computing – and OpenPOWER – to advance IBM’s POWER chip architecture (now it’s getting out of the x86 space) – are a couple of examples. Hopefully through these types of initiatives, Heartbleed will be shown to be an isolated incident, and not the tip of an iceberg.

Pete Harris is Principal of Lighthouse Partners, an Austin, TX-based consulting company that helps innovative technology companies with their marketing endeavors.
