The extensive use of open source in commercial software requires engineering executives to set processes and measures that will enable their organization and their customers to make the most of what open source can offer without assuming the accompanying risks.
See how Temenos manages their open source components.
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
How temenos manages open source use, the easy way combined
1. How Temenos Manages Open
Source Use, the Easy Way
Martin Bailey, Product Director –
Enterprise Software, Temenos Group
AG
Rami Sass is CEO and Co-Founder of
WhiteSource
2. Agenda and Logistics
Temenos
Effortless management of open source components
WhiteSource Demo
Q&A
Please type questions in the control bar
Full answers will be sent by email
4. 4
Innovation
led
World’s
leading banking
software
company
World class
delivery
No.1
2000+
installations in
150+ countries
469m USD
revenues
in 2014
4,000+
employees in
72 international
offices
135 go lives in 2014
Strength and depth:
1,000+ consultants, 100
concurrent projects
Community of 2,000+
certified partner consultants
Highest level of R&D
in the industry to
drive innovation
Regular software
upgrade strategy
Passion for standards
and openness
Temenos – a global market leader
5. 5
Powerhouse in financial software
500 million
US$115m
38
US$5 trillion
of top 50 banks use Temenos
In annual R&Din assets processed through Temenos software
customers rely on Temenos for
daily banking needs
6. 6
Nice to meet you
Martin Bailey
Product Director – Enterprise Software at Temenos
• Leads team of product groups and architects
• In charge of the technology that is the basis for all
of Temenos’ solutions
7. 8
Looking for the Right Solution
The manual option: error prone and time consuming
Looked for an open source management solution that:
• Provides an always up-to-date open source report
• Offers full licenses, compliance, security alerts and
version information
• Enables continuous vetting of open source
components as they are added
• Easy to use
• Saves time
• Low cost of ownership
8. 9
Open source inventory and vetting
Error prone WhiteSource automatically discovers all of open
source components, including dependencies
Time consuming Always up-to-date inventory on hand
Report is a button click away
Before After
9. 10
License Compliance
No way of vetting open source components before they
are used
A policy was set in the WhiteSource system with a
black list of forbidden licenses and a white list of
permitted licenses
If a forbidden license is discovered, development time is
wasted
Based on lists, open source components are vetted
as they are added by developers (during the build)
Before After
10. 11
Security Vulnerabilities and New Versions
Occasional manual search for security vulnerabilities WhiteSource alerts on security vulnerabilities, fixes
and new versions for all components used
Before After
11. 12
The WhiteSource Implementation
Install plugin < 1 hour
Set up policy – 30 minutes
--------------------------------------
< 90 minutes start
to finish
Reward: open source
serenity
Up-to-date accurate report, on hand at all
times
License compliance issues in check
Open source vulnerabilities and new
version alerts
13. Open source is great...
If used right, open source components substantially boost
developers productivity
Focus on core capabilities
Rely on true and tested code
*Source: Gartner User Survey Analysis: Open-Source Software, Worldwide
According to Gartner, 85% of commercial software vendors rely heavily on open
source to boost productivity and remain competitive*
14. But, if Improperly Managed…
License Risks and Compliance Issues
Security Vulnerabilities, Quality risks and
compliance Issues
Eat into the value of open source, and bring
substantial legal, technical, and business risks
15. License Risks and Compliance
Difficult to properly track all open source and comply with their licenses
Large gaps between reported and actual*
Difficult to identify all dependencies, which may have different license
(64%)*
Difficult to enforce licensing policy*
*WhiteSource data
Open source is free, but comes with a license. Incompliance
results in legal, security, and business risks.
16. Security Vulnerabilities
Defects and vulnerabilities exist in open source as in any software
70% of apps include vulnerabilities*
Defect rate in open source is similar to other applications*
Everyone tests their own code.
But, testing open source is “out of process” for most developers. When a fix
vulnerability is detected, they will never know, nor update to fix it
24% of commercial software includes vulnerable open source libraries**
85% of projects have outdated open source libraries**
Sources: *Coverity, Veracode, **WhiteSource
If your product contains vulnerable open source libraries, your
product is vulnerable. Period.
18. License Risks And Compliance
Automatically detect and document open
source inventory
Automatically identify all licenses,
including dependencies
Automate enforcement of organizational
license policy
Automate documentation during version
release
19. Security and Quality
Proactive alerts on security
vulnerabilities that affect you
Proactive alerts on fixes and
new versions
Detect libraries that you no
longer use
20. Automatic. Easy. Agile.
Integral part of your development lifecycle
Wide range of OOTB plugins to leading build tools
Send signatures of libraries (not the code!) to WhiteSource
Entire open source content is discovered and categorized
Open source policy can be enforced (including stop build)
Take developers out of the loop
Saves time. Lets developer focus on their work.
Increase precision and timeliness. Reduce errors.
Temenos Group
Market leading financial services software provider
Public company
2014 Revenue $468.7M
Selling to banks and other financial institutions
~1500 engineers
OK – so I guess this is where we say why they ‘buy’ from us rather than build
We really have to position the benefits of the platform approach here underpinning our out of the box solutions . . So key benefits versus other two options are
Rapid deployment of pre-packaged solutions (Retail, Corporate & Wealth) – Time to market
Only provider with solutions underpinned by UXP - f
Low risk, low cost of ownership
Highly customisable
Enterprise scalable, performant with stringent security
Maximum business re-use across the enterprise
Future proof platform
Multi-host
Seamless integration with T24
In the middle we reinforce credibility of Temenos – something like:
Work with experts in banking technologies driving innovation providing end to end solutions from back to front for over 1200 banking customers across the globe