Open Source in Finance Forum New York 2024

Improving software supply chain security starts with a secure foundation. The FINOS community has recently intensified efforts to help members enhance software supply chain security on two critical fronts:

1. Empowering maintainers to assess and improve their dependency ingestion with access to enterprise-grade software composition analysis (SCA)
2. Providing in-depth dependency consumption analysis, including a detailed review of member downloads from Maven Central

In this presentation, Brian Fox, co-founder of Sonatype, the maintainers of Maven Central, will explore the tangible risks the FINOS community is addressing through these initiatives. He’ll walk through a detailed consumption analysis report from Maven Central, sharing industry insights, what these trends reveal about software supply chain risks, and actionable steps organizations can take to enhance their security posture. Additionally, he’ll provide an overview of the SCA tools available to maintainers to reduce risk and improve delivery across FINOS projects.