 This has been put together a little bit hastily as you can understand we thought we might have more people here than have been physically able to travel. This was supposed to be sort of launching the state of open source survey. It's not a terribly well kept secret because GAB keeps telling people about it and telling you all the results already. So what we're starting with is a short video from Linux Foundation Research, a lady called Hillary who did a fantastic job of shepherding and organising people like ourselves to put this survey together. So we're going to start with a short video presentation then myself and Jill are going to talk through a few bits and pieces from the report itself. So if you could play the video that would be fantastic and we shall become audience members once again. Good afternoon Open Source Strategy Forum. My name is Hillary Carter. I'm the VP of Research at the Linux Foundation and it is my pleasure to introduce LF Research and the work that we did with Phenos in one of our very first projects. I wish I could be doing this in person because there's nowhere I would rather be than with you all in London, England, the greatest city in the world. Give me a moment as I share my screen and we'll get started. Right then, LF Research. This new unit of the Linux Foundation was established earlier this year. Jim Zemlin and the LF team had a vision to create the definitive repository of data and insights into Open Source, the technologies, the standards and the collaboration that underpins the global economy and in doing so creating a set of deliverables that would inspire more participation in these ecosystems and projects that would inform strategy, could inform policy, but most of all it could dispel myths and misperceptions of what Open Source is and what it is not and provide a more fulsome picture of both the opportunities and the challenges of the Open Source paradigm. So we launched the program in April and our collaboration with Phenos is one of the first research projects that we pursued. The way we go about our research is to conduct it along three categories of analysis, the first being industry vertical, which is of course where the Phenos project would fall in the financial services vertical. We also conduct research along technology horizontal lines, no shortage of technologies to explore, as well as how these technologies converge. And for those subjects that don't fall neatly into industry vertical or tech horizontal, we call these ecosystem projects. Topics such as cybersecurity or climate, diversity, equity and inclusion, identity and governance and leadership and no end of content. So we look forward to publishing content along these lines and filling out this roster for future use. This is a tool that is designed to benefit all in our communities and create another example of shared value. And because research is the team sport, there's no greater example of that than the work we did with Phenos. So we came together as a team led by Phenos and we were joined by Phenos partners, GitHub, WePro, Scott Logic and of course myself from LF Research, my colleague Steve Hendrick. And we got about the business of defining the research project plan and the vision and the scope of the work. We were committed to creating a survey as well as doing quantitative research, all with the idea to create a baseline study in the state of open source in the financial services sector. The focus on banks and asset managers and hopefully what we would do in the process is create an opportunity for future studies to be compared against this year's results and to be able to show trends and very possibly growth and have this sort of baseline. We launched our survey in June by way of social media posts and blog announcements right across the community. All of our partners shared the survey along their channels. We did email outreach, direct email campaigns to certain segments to identify qualified respondents. And our survey closed just following the Phenos member meeting in July. Our final sample size was 208 respondents and we're very pleased with the results. I want to thank all of you. If you took the time to participate in the survey, it's very much appreciated and good quality data is hard to come by. So thanks to all who participated. We're very pleased to present a presentation of the survey findings as one of our core deliverables. You can see that this slide is an example of the demographic summary of the financial services respondents with our sample size being 208 and the various data by segment. We're also pleased to publish an in-depth report which includes references to the survey results along with the numerous interviews that we conducted with subject matter experts and the different categories of results that we present in the research report. Included in the report are infographics which are a wonderful way to disseminate key findings from the research and these individual tiles serve a dual purpose. They can be repurposed as social media shareables. They can be added to presentations as individual facts and figures and they help visual learners to consume the content. So each one of these tiles will be a unique PNG file that can be shared and we hope that you'll take advantage of this opportunity to embed the content as you see fit in your own presentations and your own outreach. Finally, we're publishing our survey data as an open data set on data.world. So if you go to the Linux Foundation's site at data.world you'll see the Fino State of Open Source and Financial Services. We're committed to making sure that our data is not personally identifiable and provides our community with the opportunity to themselves dig into the data, play around with it as they see fit. So that was the methodology and a bit of the madness behind this fantastic research project. It was a great pleasure for me to collaborate with the team and I'm very proud of the work that we accomplished together and I hope it provides as much value to everyone in the community as it did to me personally and professionally. Now let's dig in to those findings. Thank you so much. Have a wonderful conference. See you another time. Cool. That was a bit like being back at work, wasn't it? You know, Zoom calls. Okay. We were going to be having a panel discussion but as you'll have seen two seats that would be a little bit weird. So what we're going to do is just talk a little bit about some of the findings just to give you a bit of background with respect to the structure of the report. So this is something that Scott Logic, Wipro, Linux Foundation, Finos worked on and we each focused on different areas and different aspects of open source. So we looked at open source leadership, open source governance. We looked at the different aspects of open source, the consumption of open source. So using open source tooling within your organization. We also looked at contribution. Are the respondents, are the Finos members giving back? And then we also looked at some of the more interesting aspects around culture and aspiration. So Gilles, I believe you're going to talk through a couple of these different aspects. I'll take another couple and then if anyone's got any questions, feel free to shout them out. Even as we cover the points. So during the study, actually each of the companies participating focused on specific areas. So here at Wipro, we looked at the governance part. We looked a bit at the consumption part of open source. And it's interesting because some of the findings actually point at the fact that we're far from there. There's still quite a bit of organization where the policies for consumption, for contribution are not in place. And even though, and that's quite surprising, even though there is use of open source in almost everywhere nowadays, it's very often done in an ad hoc mode. People download the stuff that nobody else knows about it. And one of the examples I'd like to quote, and I'm not going to name the culprit obviously for obvious reasons, but there was a company that we engage with that when we started the engagement, we asked them how much open source did they use and they looked at us very proudly and say, oh, quite a bit. We actually have like three to 600 components open source used in the company. And we started our engagement with an assessment. And we found 6,000. So no policies, no governance around downloading, using open source results in so many components being used in ways that nobody knows about until you ask each individual group what they're using and then you count them all and you have people here who don't know what people they're doing. And it's not a unique case. I had another bank who we were talking blockchain in one day, they told us, oh, no, we're not doing anything with blockchain yet. We haven't even done any pilots. And somebody that was a CIO, by the way, saying that. And somebody back at the room says, well, we have a pilot running in one of our labs with Ripple and CIO looked at them and said, what? Yeah, we downloaded it. It's free. So yeah, no policies means no traceability means high risk or higher risk. And the result actually is that for those who actually have policies, what they're finding here is that it'd be nice to actually have greater support around the policies, publish them, make them available. Because that's the next thing. If you have policies and nobody knows about them, which is another finding, then people don't know how to use them. So that is probably the first thing you want to look into when you're talking about doing open source in particular in a highly regulated environment like banking is that make sure that it is clear how to do it. And of course, the next step is implementing processes, tools and everything like that, but start with explaining the policy so people know what to do, where to look, who to ask and how to report that they're using this stuff. You can't see your necks. Yeah. And so as a result, interestingly enough, it's hard for people who are going to be consuming open source to actually figure out what they should be using, where they should be getting it from. For those of you who are in the open source world for a long time, we all know that you get the open source component from the repository where it's being developed and maintained, but not everybody does that. And so people get the components wherever they find them. Sometimes it's not a legitimate source. And then they don't tell anybody. So they're using a version, but then a new version comes out because it fixes security bugs. Somebody else uses a new version. And you end up having 10 versions of the same component in your 10. That's when you're lucky. And then you reach 6,000 components spread across the organization. But you have 10 versions of the same component. Not all of them have the same bugs. And when you try to consolidate that, it becomes a nightmare. So again, it's interesting because this finding is very much linked to the governance part in the sense that if you have a proper governance model in place, you shouldn't have that issue with people trying to figure out where do I use, where do I download the components, what version am I supposed to use. And I've seen places where people actually have a white list or a green book or however they've decided to call it depending on the organization. That says if you're going to be doing this, use that component, that version. Here is our internal repo for it. And that works. It can be done. It has to be done in an unobtrusive way. It has to be done in a way that actually empowers the user or the developer. But it can be done. We shouldn't have that. Not 56%. Cool. Yeah, I'm going to say a few words about contribution. What I want to do is, as you'll have seen in the video from Hillary, some of the findings of the reports have been sort of distilled into these little infographics. I want to pick up on the story from one of these infographics and drill into the detail. So this particular one says that 8% of respondents have policies that always encourage upstream contribution. So that's a very small number of respondents. And interestingly, he talked to someone at Bank. This is one of the interviews we did. And the guy who was head of their trading platform technology said, I'm not entirely sure what the process is for contributing back. I think the code goes to a central team. They check it and will contribute upstream on your behalf. But this is a managing director in an investment bank. And the response was, I don't really know. There's someone over there who I think can do it on my behalf, perhaps. So to tell the story behind this, one of the things that we did was we asked exactly the same question that was asked within the Linux Foundation FOS Contributor Survey. So the Linux Foundation Survey addresses a very broad industry demographic. It's not financial services specific. In fact, financial services, I think, was less than 5%. And that survey asked, please select the statement that is closest to your current employer's policy on contributing upstream. So you notice that the red is from Linux Foundation, their broad FOS Contributor Survey. 36% of companies surveyed always contribute upstream. Within the Finos Survey, it's about 8%. There's a significant difference in this industry. We're not an industry that naturally contributes upstream. And you can see that reflected elsewhere in the survey. Also, interestingly, something that was mentioned by Gavin has been repeated by many others is, in large financial services organizations, there's a lot of people that just don't know. Here, sort of 18%, I don't know what the policy is. Now drilling into the details a little bit more, one of the things that I'd like to explore is what it actually means to contribute upstream. Now, one of the things you've heard this morning is that Finos has helped a number of organizations open-source their own IP, their own technology. Finos is making very good progress on that front. What we see very little of is financial services organizations contributing to existing open-source projects. And it was quite interesting that Russell, who was the second keynote speaker, mentioned his first interaction in open-source was log4j, a pre-existing open-source project. And he described the value of contributing bug fixes to someone else's project. So we asked, do you spend time at work contributing to projects that are managed by other teams within your organization? A significant number said no. A number said yes, a few hours a month, a smaller number, a few days a week. So this is effectively in a source. This is people who are contributing to other projects within their organization. This is a growing movement. The next was externally distributed projects that your employer founded. And fewer, however, if you sum all the yes of various levels of investment, we're looking at what I don't know, 45%. The smallest is to third-party open-source projects. So upstream contributions to projects that are maintained by other organizations or the open-source community at large are the least contributed to by financial services organizations. And I nick this slide from one of the speakers earlier. If you don't go upstream, you basically screw yourself long-term. I mean, I wouldn't say something like that. So I'll quote someone else. The next thing I wanted to drill into is what's holding us back? What's limiting us? So we asked people, what do you think limits your employer's open-source investment and or discourages contribution? Top of the list. So this just to help you understand this chart, this is basically a sentiment chart. The blue bars are strongly agree, red is agree, neutral then disagree and strongly disagree. So it's basically expressing a level of sentiment towards a particular limiting factor. So the factor that drew out the strongest sentiment was a fear of leaking IP. I'm going to call that out as a bit of a joke. And the reason being, again, this morning we heard about Russell, his first interaction with open-source was Log4j. We heard from Liz, who is part of CNCF that have Kubernetes and Helm and Envoy. We're part of Linux Foundation that has projects like Node and Webpack. How on earth is a bank going to leak IP by contributing to Kubernetes? It makes absolutely no sense at all. I personally think that this is an incredibly misplaced fear. If we take the next one, legal or licensing concerns, yeah, they are a concern, but they are a known entity and they are an entity that most large financial services organizations have sufficient legal power behind them to solve that particular conundrum. I'd like to knock those two away. I think they are misplaced concerns. Next, I think is the important one, a lack of understanding the open-source value proposition. I think this is where they're really struggling. A lack of clear return on investment. Interestingly, at the bottom, technology constraints and challenges. I often hear people say it's technology getting the way. I don't think it is. It's the lack of understanding of the value proposition. That is where I think the real issue that sits. Also looking at culture, this is another one of their, one of the infographics being shared, 84% said innovation was the top motivator. If we actually look at the survey results in a bit more detail, again, this is another sentiment chart. What do you feel are the main reasons your company participates in open-source from a culture point of view? Innovation very much comes out top, which is great to see. Next, time to market, increased velocity, total cost of ownership. These are the driving forces behind open-source adoption and contribution. Sometimes here, recruitment and attraction being an important factor as well. I must admit, I really like seeing brand at the very bottom there. I think to me that speaks of a genuine authenticity in why people are interested in open-source. Finally, aspirations. This is the section that Finos managed. 69% of respondents feel consumption of FOS improves work productivity and again, I think that's a very interesting statistic. I like that the less it's not the total cost of ownership, it's not time to market. It's some of these more subtle and harder to quantify factors that I think are really quite important. Finally, the top five areas where respondents felt open-source could improve financial services organizations. Again, this speaks of innovation, AI, ML, common workflow, regulatory again. That comes up time and time again. Cloud and DevOps, which are inextricably linked. Can I make a point here about work productivity? One of my customers at the UK Bank coined a super interesting term. They call it zero-day productivity. They say, when we're using open-source components and we hire a developer that's actually a contributor to these components on the outside, we don't have to train them on the product. They actually know it in and out. The day they step into the office, they're ready to code. They're ready to operate the stuff. They're ready to work with it. That's what the guy meant by zero-day productivity. It's really there. When you hire somebody that's an open-source contributor, they're productive. They don't have to be trained on the product. Yeah, they might need to be trained on the internal IT stuff, but sometimes they come with their own laptop and they're ready to work already. That's a really, really strong impact. That speaks to that quote there, but the technologies were kept proprietary and banks and only became mainstream when other companies open-sourced them. The banks are inhibiting themselves by taking that approach. We do have time for questions. I might caveat it with our response. Maybe it's a 46-page report. You might have to read it to get the answer, but if anyone's got any questions or observations, that would be great. One at the back. Did we have any questions specifically on adoption? I'm not sure. I think we almost took it as a given that financial services in all organizations have relatively widespread adoption of open-source technologies. You can't move for the likes of Kubernetes, for example. That's entirely open-source. On the front-ends, things like TypeScript and React, they're all open-source. I think the way you said it, we basically took it as a given that everybody's adopting open-source. What we were trying to figure out is how they are doing this and how advanced and mature and ready they are with their open-source consumption, contribution and publication, which normally tend to be a consequence of adopting open-source. It was a starting hypothesis that everybody is adopting open-source to some extent or another, but are they doing it properly? Are they doing it enough? Yeah. Actually, one of the interviews I did with one of our clients from a bank did highlight something quite interesting. He said, what people have to understand is that we are a very large financial services organization. We've been in business for decades. One of the things that's very important to us is the longevity of any technology that we adopt. They mentioned that challenger banks, small-scale financial services organizations don't have that challenge. They don't have that kind of long-term responsibility that larger financial services organizations have. This is more anecdotal evidence. The inhibitor there is waiting until you're sure that that is the right decision, not just for now, but for next year, the year after and the year after that. Banks don't have legacy technology because they picked legacy technology. They have legacy technology because of the passage of time. Unless you're looking at new banks and all these new companies that actually, for these, they tend to create the technology as they move forward and related to this survey, but another thing that we did, another survey for another bank actually, and we found out that some companies like, I'll give an example, Revolut, the new bank, they're using open source technology and contributing to open source technology that for their user interface is developed by Airbnb. So they're not looking at a green field approach. They're looking at a blue sky approach. They're just taking the technology where it is being developed today, and they're making it better for them and for everybody else, and then they're leapfrogging all the legacy banks and saying, oh, we're going to do this thing that just maps into the way people see the world today through their phones. This is a completely different approach to, we have a legacy world that we need to interact with and then build on top to provide new services to people who are possibly going to go away if we don't. Here, the approach is really different. Well, I guess if we don't have any other questions, I'll just encourage you once again to go and read the report, download the survey, read the report and enjoy. Cool. Thank you very much.