
Open Source Security for
Financial Services & FinTech

Don’t leave your customers, systems, and reputation at risk.

Follow These Best Practices

Financial Services and FinTech companies rely heavily on open source to deliver innovative products and services, but untracked open source components and vulnerabilities expose your applications to significant risk of security breaches and compliance violations.

Hackers Use Open Source Vulnerabilities to Compromise Financial Services

Financial organizations suffer the highest number of data breaches annually of any industry, most often through web application attacks.[1] In March 2017, GMO Payment Gateway was breached through an Apache Struts vulnerability, losing 676,290 records. Financial firms such as American Funds and Venmo have confirmed periods of exposure to the Heartbleed vulnerability. POODLE was found to threaten Bank of America, Citibank, Vanguard, and dozens of sites run by Experian. Data shows that twenty percent of financial companies have at least one known CVE exposed, with 72% vulnerable to POODLE, 38% to DROWN, and 23% to FREAK.[2]

Are Your Applications at Risk?

Black Duck analysis shows that many financial services applications are.

Download the Report

52

open source vulnerabilities per application

4 Years

average age of vulnerabilities in applications

60%

of vulnerabilities in financial applications are high-severity

Open Source Breaches Hurt Your Company in Many Ways

The cost of a financial application breach is among the highest of any industry, averaging $221 per compromised record.[3] These costs stem from regulatory fines, forensic audits, remediation efforts, and litigation.

Regulatory compliance standards – like Sarbanes-Oxley, Gramm-Leach-Bliley, PCI DSS, Basel II, the ISO 27000 series, and EU GDPR – are rapidly evolving to address financial cybersecurity risks. New regulations require you to enforce vulnerability management practices and to track your open source usage, and governing bodies are extending these requirements up the software supply chain, holding both you and your vendors accountable for any compromised data and failed security measures.

However, the most significant cost of a high-profile breach can often be irreparable damage to your brand reputation and customer trust. Once lost, it can be difficult, if not impossible, to regain that trust.


  • We wanted a solution that could seamlessly integrate with our technology stack, was easy to use, and provided relevant feedback on mitigating any threats found in the open source used in our code, and we wanted that to happen as early as possible in the development cycle.

    - Gerhard Oosthuizen, Chief Information Officer, Entersekt

Secure and Manage Open Source with Black Duck

Don’t leave your customers and your company at risk. Ensure your applications are free of known open source vulnerabilities. With Black Duck, you can build fast and stay secure by automating and integrating open source management throughout the SDLC.

  • Discover and track all open source within your applications and containers
  • Prevent current known vulnerabilities from making their way into apps in development, and get same-day notification of new vulnerabilities that affect apps in production
  • Prioritize vulnerabilities based on application profiles and analyze remediation and upgrade options
  • Identify license compliance, code quality, and usage risks leveraging the industry’s most comprehensive knowledgebase of open source intelligence
  • Define open source security and license policies and automate enforcement as part of your DevOps tool chain
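
The list above describes a policy gate: inventory the open source in a build, match it against known vulnerabilities, apply severity and license rules, and stop the pipeline when a rule is violated. The script below is an added illustration of that workflow and is not Black Duck code or its API. The SBOM fragment (CycloneDX-style field names, invented inventory; "somelib" is a placeholder package), the OSV-like vulnerability feed, and the policy thresholds are all constructed sample data embedded inline so it runs offline; the two feed entries mirror the public Struts and Heartbleed advisories referred to earlier on this page, but the feed itself is a hand-built sample, not a live database.

```python
"""Open source policy gate for a CI pipeline (added example, not Black Duck code).
Inventory components from an SBOM, match them against a vulnerability feed,
apply severity and license policy, and fail the build on a blocking finding."""
import json
import re
import sys
from dataclasses import dataclass

# Constructed CycloneDX-style SBOM fragment: schema-shaped, invented contents.
SBOM_JSON = """
{"components": [
  {"name": "struts2-core", "version": "2.3.31",
   "licenses": [{"license": {"id": "Apache-2.0"}}]},
  {"name": "openssl", "version": "1.0.1f",
   "licenses": [{"license": {"id": "OpenSSL"}}]},
  {"name": "somelib", "version": "3.2.0",
   "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
  {"name": "requests", "version": "2.31.0",
   "licenses": [{"license": {"id": "Apache-2.0"}}]}
]}
"""

# Constructed feed in an OSV-like shape. Each range is (first affected version,
# first fixed version), fixed version exclusive. Hand-built sample, not a live
# database; a real gate consumes a maintained feed.
VULN_FEED = [
    {"id": "CVE-2017-5638", "package": "struts2-core", "cvss": 10.0,
     "ranges": [("2.3.5", "2.3.32"), ("2.5", "2.5.10.1")]},
    {"id": "CVE-2014-0160", "package": "openssl", "cvss": 7.5,
     "ranges": [("1.0.1", "1.0.1g")]},
]


def version_key(version):
    """Sortable key: numeric parts compare as ints, letter suffixes as strings,
    so 1.0.1 < 1.0.1f < 1.0.1g and 2.3.9 < 2.3.31. Pre-release tags such as
    'rc1' would sort after the release here; a real gate must apply the
    ecosystem's own ordering rules."""
    return tuple((0, int(t)) if t.isdigit() else (1, t)
                 for t in re.findall(r"\d+|[A-Za-z]+", version))


def in_range(version, vrange):
    introduced, fixed = vrange
    return version_key(introduced) <= version_key(version) < version_key(fixed)


@dataclass(frozen=True)
class Policy:
    # Example policy, not a recommendation: block CVSS >= 7.0 (high/critical),
    # block strong-copyleft licenses in a proprietary product, and honour
    # documented exceptions by vulnerability id.
    max_cvss: float = 6.9
    denied_licenses: frozenset = frozenset({"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"})
    waived: frozenset = frozenset()


@dataclass(frozen=True)
class Finding:
    kind: str        # "vulnerability" or "license"
    component: str   # name@version
    detail: str      # CVE id or SPDX license id
    blocking: bool


def evaluate(sbom_json, feed, policy):
    """Match every SBOM component against the feed and the license denylist."""
    findings = []
    for comp in json.loads(sbom_json)["components"]:
        label = f"{comp['name']}@{comp['version']}"
        for vuln in feed:
            if vuln["package"] == comp["name"] and any(
                    in_range(comp["version"], r) for r in vuln["ranges"]):
                blocking = vuln["cvss"] > policy.max_cvss and vuln["id"] not in policy.waived
                findings.append(Finding("vulnerability", label, vuln["id"], blocking))
        for lic in comp.get("licenses", []):
            lic_id = lic.get("license", {}).get("id")
            if lic_id in policy.denied_licenses:
                findings.append(Finding("license", label, lic_id, True))
    return findings


def gate(findings):
    """True when the build may proceed, i.e. no finding is blocking."""
    return not any(f.blocking for f in findings)


if __name__ == "__main__":
    results = evaluate(SBOM_JSON, VULN_FEED, Policy())
    for f in results:
        print(f"{'BLOCK' if f.blocking else 'warn '} {f.kind:13} {f.component:22} {f.detail}")
    sys.exit(0 if gate(results) else 1)   # non-zero exit fails the pipeline stage
```

Run as a pipeline step, the non-zero exit code is what turns the policy into enforcement; the waiver set is where an approved exception (a vulnerability shown not to be reachable, for instance) is recorded so that the gate stays strict for everything else. The simple version comparison is the weak point of any home-grown matcher, which is one reason the page argues for a maintained knowledgebase rather than an ad hoc feed.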

Guides & Tutorials: The GDPR & Open Source Security Management
Demonstrate comprehensive GDPR observance that includes open source security management.

Reports & Analysis: Safeguard Sensitive Information in Your Financial Applications
Enhance financial cybersecurity and avoid a data breach with open source management.

Case Studies: Entersekt: Automating Open Source Vulnerability Management
Entersekt moved code validation earlier in the SDLC & automated open source vulnerability management.