The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

Tech Matters with Pete Harris: Risk and Reward in An Open Source World

I just read the latest from Michael Lewis, and while I can’t say I’m fully in agreement with regard to his “rigged market” position, I did find Flash Boys to be a pretty good basic description of high frequency trading and the technologies that underpin it. It was not, however, the main HFT focus that caught my attention but rather the couple of pages it devoted to chastising Goldman Sachs for its attitude to open source.

Goldman – as detailed in a chapter devoted to its one-time employee Sergey Aleynikov, who was subsequently found guilty of source code theft – is seemingly a significant taker but never a giver back when it comes to leveraging open source. That apparently had a bearing on Aleynikov’s sense of right and wrong when he emailed the code to himself, which cost him an eight year jail sentence.

The giver and taker dynamic of open source was of course highlighted recently by the Heartbleed Bug that affected the OpenSSL code used for (supposed) secure web transactions. It seems that while the code is very widely used by many big name e-commerce sites, it is maintained by just a handful of IT geeks, all working for free in their spare time. One of them made a simple mistake and introduced the bug, and no one was around to spot it. Hence the concept of software quality through community peer review – a central tenet of the benefits of open source – was dealt a major credibility blow.

Since Heartbleed came to light, steps have begun to be taken to address the open source quality issue, most notably by the Linux Foundation setting up the Core Infrastructure Initiative to financially reward developers for working on key pieces of open source software. Given that it’s backed by the likes of IBM, Google, Facebook, Cisco Systems, Intel, Microsoft and VMware, it gives one an idea of how important open source is to the major providers of IT to the world, and perhaps who else may have been net takers from the community.

For those that leverage open source for revenue generating and secure applications – and in the financial markets Goldman is hardly alone – then some simple best practices need to be considered. For starters, determine whether the source code is backed by commercial support services, such as those provided by Red Hat for the Linux operating system and JBoss middleware, and other open source systems software. Alternatively, it is important to establish what real, active and effective community exists to maintain and enhance the code – a process that all those users of OpenSSL clearly fell down on.

Getting back to Goldman, it’s interesting to note that it is active (giving, at least through offering its time and experience) in another facet of open source, that being open source hardware as exemplified by its membership of the Open Compute Project. Set up in April 2011 by Facebook, the OCP is now a broad community with a mission to “democratize access to the best server, storage and data center technologies available” through “openly sharing ideas, specifications and other intellectual property.”

At its roots, the mission of the OCP is to reduce costs of purchasing and operating data centre hardware. Facebook alone reckons the initiative has already saved it $1.2 billion in costs. Corporate members – 150+ at last count – now include IT heavyweights like Intel, Arista Networks and Microsoft, while financial markets players apart from Goldman include Bloomberg and Fidelity Investments. Through a new tiered model, corporate members typically contribute money, time or IP to secure membership at different levels.

Already, the OCP has published specifications for server motherboards (including some specifically for typical financial services workloads), storage and equipment racking. Specs for data centre networking are also being worked on.

The Open Compute initiative is just one of a number of ‘open’ IT thrusts that are gaining momentum as a result of strong corporate champions and focused goals and efforts. The Open Data Centre Alliance and OpenStack – for cloud computing – and OpenPOWER – to advance IBM’s POWER chip architecture (now its getting out of the x86 space) – are a couple of examples. Hopefully through these types of initiatives, Heartbleed will be shown to be an isolated incident, and not the tip of an iceberg.

Pete Harris is Principal of Lighthouse Partners, an Austin, TX-based consulting company that helps innovative technology companies with their marketing endeavors.

Related content


Recorded Webinar: Data Standards – progress and case studies

Global data standards and identifiers are essential to business growth, market stability and cost reduction – but they can be challenging to implement, while a lack of consistency across jurisdictions has presented obstacles to global take-up. However, with regulators starting to sit up and take note, the issue of data standards is coming increasingly to...


CJC Goes ‘Cloud First’, with Google Cloud Migration

CJC, specialists in market data technology consulting and services, has completed a full migration of its managed service tooling and products to the public cloud, and will now operate a ‘cloud-first’ policy for all internal systems and products. In the process, CJC has also migrated its client base to the public cloud. Previously, the company’s...


RegTech Summit New York City

Now in its 5th year, the RegTech Summit in NYC explores how the North American financial services industry can leverage technology to drive innovation, cut costs and support regulatory change.


Applications of Reference Data to the Middle Office

Increasing volumes and the complexity of reference data in the post-crisis environment have left the middle office struggling to meet the requirements of the current market order. Middle office functions must therefore be robust enough to be able to deal with the spectre of globalisation, an increase in the use of esoteric security types and...