The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

Tech Matters with Pete Harris: Risk and Reward in An Open Source World

I just read the latest from Michael Lewis, and while I can’t say I’m fully in agreement with regard to his “rigged market” position, I did find Flash Boys to be a pretty good basic description of high frequency trading and the technologies that underpin it. It was not, however, the main HFT focus that caught my attention but rather the couple of pages it devoted to chastising Goldman Sachs for its attitude to open source.

Goldman – as detailed in a chapter devoted to its one-time employee Sergey Aleynikov, who was subsequently found guilty of source code theft – is seemingly a significant taker but never a giver back when it comes to leveraging open source. That apparently had a bearing on Aleynikov’s sense of right and wrong when he emailed the code to himself, which cost him an eight year jail sentence.

The giver and taker dynamic of open source was of course highlighted recently by the Heartbleed Bug that affected the OpenSSL code used for (supposed) secure web transactions. It seems that while the code is very widely used by many big name e-commerce sites, it is maintained by just a handful of IT geeks, all working for free in their spare time. One of them made a simple mistake and introduced the bug, and no one was around to spot it. Hence the concept of software quality through community peer review – a central tenet of the benefits of open source – was dealt a major credibility blow.

Since Heartbleed came to light, steps have begun to be taken to address the open source quality issue, most notably by the Linux Foundation setting up the Core Infrastructure Initiative to financially reward developers for working on key pieces of open source software. Given that it’s backed by the likes of IBM, Google, Facebook, Cisco Systems, Intel, Microsoft and VMware, it gives one an idea of how important open source is to the major providers of IT to the world, and perhaps who else may have been net takers from the community.

For those that leverage open source for revenue generating and secure applications – and in the financial markets Goldman is hardly alone – then some simple best practices need to be considered. For starters, determine whether the source code is backed by commercial support services, such as those provided by Red Hat for the Linux operating system and JBoss middleware, and other open source systems software. Alternatively, it is important to establish what real, active and effective community exists to maintain and enhance the code – a process that all those users of OpenSSL clearly fell down on.

Getting back to Goldman, it’s interesting to note that it is active (giving, at least through offering its time and experience) in another facet of open source, that being open source hardware as exemplified by its membership of the Open Compute Project. Set up in April 2011 by Facebook, the OCP is now a broad community with a mission to “democratize access to the best server, storage and data center technologies available” through “openly sharing ideas, specifications and other intellectual property.”

At its roots, the mission of the OCP is to reduce costs of purchasing and operating data centre hardware. Facebook alone reckons the initiative has already saved it $1.2 billion in costs. Corporate members – 150+ at last count – now include IT heavyweights like Intel, Arista Networks and Microsoft, while financial markets players apart from Goldman include Bloomberg and Fidelity Investments. Through a new tiered model, corporate members typically contribute money, time or IP to secure membership at different levels.

Already, the OCP has published specifications for server motherboards (including some specifically for typical financial services workloads), storage and equipment racking. Specs for data centre networking are also being worked on.

The Open Compute initiative is just one of a number of ‘open’ IT thrusts that are gaining momentum as a result of strong corporate champions and focused goals and efforts. The Open Data Centre Alliance and OpenStack – for cloud computing – and OpenPOWER – to advance IBM’s POWER chip architecture (now its getting out of the x86 space) – are a couple of examples. Hopefully through these types of initiatives, Heartbleed will be shown to be an isolated incident, and not the tip of an iceberg.

Pete Harris is Principal of Lighthouse Partners, an Austin, TX-based consulting company that helps innovative technology companies with their marketing endeavors.

Related content


Upcoming Webinar: Opportunities of new approaches to electronic trading

Date: 9 December 2021 Time: 10:00am ET / 3:00pm London / 4:00pm CET Duration: 50 minutes Challenged by legacy systems, less than ideal workflows and high costs, front-office trading teams lack the ability to adapt to clients’ evolving needs around integration, speed and multi-asset capabilities. They are also challenged by a capital markets environment characterised...


IHS Markit Connects Corporate Actions Solution to DTCC ISO 20022 Messaging Platform to Improve Process Automation

IHS Markit is aiming to simplify and automate corporate actions by connecting its Corporate Action SaaS solution to DTCC’s ISO 20022 messaging platform. The connection will provide direct delivery of corporate actions ISO 20022 formatted messages from the DTCC platform to the IHS Markit solution, giving DTCC users improved straight through processing for corporate actions....


RegTech Summit Virtual

The RegTech Summit Virtual is a global online event that brings together an exceptional guest speaker line up of RegTech practitioners, regulators, start-ups and solution providers to collaborate and discuss innovative and effective approaches for building a better regulatory environment.


Trading Regulations Handbook 2021

In these unprecedented times, a carefully crafted trading infrastructure is crucial for capital markets participants. Yet, the impact of trading regulations on infrastructure can be difficult to manage. The Trading Regulations Handbook 2021 can help. It provides all the essentials you need to know about regulations impacting trading operations, data and technology. A-Team Group’s Trading...