Communications Very Erratic (CVE): Stabilizing Vuln Data for the Industry (OSFF NY Preview)

🚀 Get a sneak peek of how FINOS Common Cloud Controls (CCC) can move from policy docs to practical enforcement—through automation and open source.In this clip:Toni de la Fuente, Founder & CEO, ProwlerToni shares his journey from maintaining open source in his spare time to helping the community align cloud security with real frameworks like CCC. He previews the upcoming OSFF workshop, where he and Pedro Martín will show how to translate CCC requirements into automated checks across AWS, Azure, and GCP, and how AI can help teams generate and test custom controls quickly. The session will also cover lessons learned: data modeling, compatibility challenges, and how to keep automation simple enough to adopt without adding more complexity.🎟️ See Toni’s full workshop with Pedro Martín at OSFF New York (Oct 21–22, 2025).🌐 More about FINOS: https://www.finos.org/📧 Join our newsletter: https://www.finos.org/newsletter#FINOS #OSFFNY #OpenSourceInFinance #CCC #CloudSecurity #AI #ComplianceAutomation #MultiCloud #DevSecOps

🚀 Get a sneak peek of Ihsan Saracgil’s OSFF NY session on how OpenBB’s Open Data Platform (ODP) lets teams connect private, proprietary, and public financial data to AI—securely, locally, and on your terms.In this clip:Ihsan Saracgil, CPO, OpenBBTired of waiting on scarce engineering cycles for every integration? Ihsan shows how ODP gives data engineers a Python-native, local-first way to register extensions, wrap external sources as APIs, and serve them to downstream tools (copilots, notebooks, dashboards) with full control of credentials, execution, and access. He also breaks down why Model Context Protocol (MCP) is a game-changer: wire up tools to your AI copilot fast—so tasks that once required custom plumbing (even “send me that result via email”) become quick, safe, and auditable. With a lightweight GUI (Tauri) and standardized FastAPI/OpenAPI specs, ODP helps teams unify messy data pipelines without leaking business logic to third-party platforms.🎟️ See Ihsan’s full talk at OSFF New York (Oct 21–22, 2025).🌐 More about FINOS: https://www.finos.org/📧 Join our newsletter: https://www.finos.org/newsletter#FINOS #OSFFNY #OpenBB #OpenSourceInFinance #FinancialData #AI #Copilots #MCP #DataEngineering #LocalFirst

🚨 What happens when the backbone of vulnerability reporting wobbles? In April 2025, funding shocks to CVE/CWE—and the downstream NVD—sparked panic before a short-term lifeline appeared. The uncertainty hasn’t gone away.In this clip:Christopher “CRob” Robinson, CTO & Chief Security Architect, OpenSSF (The Linux Foundation)CRob previews his OSFF NY session on why reliable, authoritative vulnerability metadata is critical for banks, regulated enterprises, and open source maintainers—and what upstream is doing about it. He walks through the recent CVE/NVD turbulence, why downstream teams (risk, OSPOs, product owners) struggle to meet regulatory obligations without stable data, and how the open source community is collaborating to deliver consistent, high-quality vulnerability information going forward. Expect clear context, practical takeaways, and a path from fragmented signals to trustworthy feeds.🎟️ See CRob’s full talk at OSFF New York (Oct 21–22, 2025).🌐 More about FINOS: https://www.finos.org/📧 Join our newsletter: https://www.finos.org/newsletter#FINOS #OSFFNY #OpenSourceSecurity #OpenSSF #CVE #CWE #NVD #VulnerabilityManagement #Risk #Compliance #SupplyChainSecurity

🚀 Highlights from #OSFFNewYork by FINOS – the premier open source in finance conference.Join us at the Open Source in Finance Forum (Oct 21–22, 2025): https://hubs.ly/Q03z9D9D0In this episode (podcast preview):Grizz Griswold, Head of Marketing, FINOSDay 2 is built for builders and risk leaders alike—two AI tracks, a full OpenSSF security program, a Confidential Computing Consortium security track (details incoming), and a fast-moving Hot Topics lightning series.Open Source, AI-Powered Industry (developer/engineering focus): Hands-on sessions on AI-native software development, neuro-symbolic techniques, workforce augmentation with agents, adoption challenges, and integrating AI with FDC3—closing with the EAMS Dial open source enterprise gen-AI platform. Speakers from J.P. Morgan, Red Hat, S&P Global, Scott Logic, interop.io, EPAM, and more.Mutualizing Risk & Compliance in the Open (governance focus): How the industry collaborates on secure-by-design architectures, automated compliance with Common Cloud Controls (CCC) + Prowler, zero-trust blueprints, and the FINOS AI Governance Framework. Featuring ControlPlane, Prowler, Runnink, GitLab, JUXT, and more.OpenSSF: Guarding the Vaults (security focus): Raising the baseline for secure OSS in finance—securing AI in the open, defending against secrets/token/API attacks, and model signaling/validation. Contributions from IBM, Bloomberg, Sonatype, Red Hat, and OpenSSF.Confidential Computing Consortium (security track): Sister-foundation deep dives on hardware-anchored trust and protected data/compute—full agenda to be announced.Hot Topics (15-minute lightning talks): Rapid-fire innovation across open data, GenAI, FDC3, CDM-driven automation, payments flexibility, financial agents, and more—speakers from Citi, AWS, GitLab, OpenBB, Temporal, RPI, J.P. Morgan, vCluster, and others.🎟️ P.S. There’s a hidden VIP code in the audio (free & 50% tickets). It’s not in this description—catch it in the episode!🌐 More about FINOS: https://www.finos.org/📥 Download the latest State of Open Source in Financial Services: https://www.finos.org/state-of-open-source-in-financial-services📧 Join our newsletter: https://www.finos.org/newsletter#FINOS #OSFFNewYork #OpenSourceInFinance #AIinFinance #Security #OpenSSF #ConfidentialComputing #FDC3 #CDM #AIGovernance #CommonCloudControls #ZeroTrust #Conference

🚀 Highlights from #OSFFNewYork by FINOS – the premier open source in finance conference.Join us at the Open Source in Finance Forum (Oct 21–22, 2025): https://hubs.ly/Q03z9D9D0In this podcast (podcast preview):Rakia Finley, Founder & Managing Partner, Copper & Vine StudioRegulatory rigor and rapid innovation don’t have to clash. Rakia shares a battle-tested approach to embedding compliance into product design using zero-trust architecture and open-source components. She explains why leaders must clarify the “why” behind regulatory change, and why developers should start from existing regulations—auditing “digital beliefs” (data quality, infra, policies) before layering AI. Expect takeaways on aligning to DORA/ISO, secure-by-design patterns, proactive threat modeling, and how inclusive governance reduces risk by reflecting the communities you serve. Plus: a teaser case study of a fintech pipeline brought into compliance without slowing delivery.🌐 More about FINOS: https://www.finos.org/📥 Download the latest State of Open Source in Financial Services: https://www.finos.org/state-of-open-source-in-financial-services📧 Join our newsletter: https://www.finos.org/newsletter#FINOS #OSFFNewYork #OpenSourceInFinance #ZeroTrust #Compliance #DORA #ISO27001 #SecureByDesign #AIGovernance #FinancialServices #CopperAndVine

🚀 Highlights from #OSFFNewYork by FINOS – the premier open source in finance conference.Join us at the Open Source in Finance Forum (Oct 21–22, 2025): https://hubs.ly/Q03z9D9D0In this episode:Grizz Griswold, Head of Marketing, FINOSA fast, inside look at Day 1 of OSFF New York: what’s new, what’s launching, and where you’ll get the most value.Keynotes & momentum: How open source went from “nice-to-have” to core infrastructure in finance, with ROI front-and-center.The Forge (ideation): Ground-floor concepts before incubation—think Open SDLC Controls, Secure-by-Design (CALM + AI Governance + Common Cloud Controls), and an Open Data Commons.Launchpad (incubating projects): Hands-on sessions with CALM, the FINOS AI Governance Framework, Common Cloud Controls, and a brand-new project being unveiled on stage.CDM track: Real adoption stories—eligible collateral, digital bond issuance, and tokenized assets integrated into collateral management.FDC3 track: Desktop interoperability becomes mainstream—conformance, web expansion, and a preview of FDC3 2.3.Open Source Readiness: How banks scale OSPOs, govern licenses, and roll out enterprise open source programs—case studies from leading institutions.Community & networking: Seven tracks, project expos/booths, hallway track magic—meet maintainers, ask questions, try the tech.🎟️ P.S. Listen for a hidden VIP code in the audio (free & 50% tickets). It’s not in this description—catch it in the episode!🌐 More about FINOS: https://www.finos.org/📥 Download the latest State of Open Source in Financial Services: https://www.finos.org/state-of-open-source-in-financial-services📧 Join our newsletter: https://www.finos.org/newsletter#FINOS #OSFFNewYork #OpenSourceInFinance #FinancialServices #Conference #FDC3 #CDM #OpenSourceReadiness #DevOps #AIGovernance #OpenSourceCommunity

The Evolving Role of Open Source in Financial Services with GitLab's George KichukovIn this episode of the FINOS podcast, Grizz Griswold interviews George Kichukov from GitLab to discuss the transformative effect of open-source technology in financial services. The conversation covers the adoption of secure open-source practices, the importance of a strong engineering culture, and the benefits of contributing back to the open-source community. George shares insights from his 20-year career, including his extensive experience at Citibank, and elaborates on his current role in improving software delivery at GitLab. The episode also highlights upcoming events like the Open Source and Finance Forum (OSFF) and the vital role of sponsors in fostering industry collaboration.00:00 The Evolution of Open Source in Financial Services01:32 Upcoming OSFF Events and Sponsors01:33 Upcoming OSFF Events and Sponsors03:31 Introduction to George Kichukov from GitLab03:52 George's Role and Experience at GitLab06:36 George's Career Journey Before GitLab12:15 The Importance of Developer Experience15:56 The Role of Open Source in Developer Experience20:57 The Shift in Financial Services Towards Open Source26:58 Conclusion and Final ThoughtsGeorge Kichukov: https://www.linkedin.com/in/kichukov/GitLab: https://about.gitlab.com/ Grizz Griswold: https://www.linkedin.com/in/aarongriswold Find more info about FINOS: On the web: https://www.finos.org Open Source in Finance Forum (OSFF Conference): https://www.finos.org/osff-2025 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletterLinkedIn: https://www.linkedin.com/company/finosfoundation Twitter: https://twitter.com/FINOSFoundation About FINOSFINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

Exploring Data Mesh and Open Source Governance with Daniel PaesIn this episode of the FINOS podcast, Grizz Griswold interviews Daniel Paes, a FINOS Ambassador. They discuss concepts like data mesh, data contracts, and the use of open source tools like Legend and CDM in data governance. Daniel shares his journey from a business intelligence analyst in Brazil to a principal director at a CloudOps and DataOps company in Canada. They also talk about the Open Source and Finance Forum (OSFF), upcoming events, and Daniel’s innovative projects like Runink. This episode offers insights into the adoption of open source tools in financial services and practical applications of data governance models.00:00 Introduction to CDM and Legend01:07 Upcoming OSFF Events and Sponsors03:06 Meet Daniel Paes: Background and Career04:08 Daniel's Journey with Open Source06:20 Open Source in Brazil and Canada11:31 Daniel's Career Path15:32 Current Projects and API Days Insights15:42 Exploring FINOS Legend and CDM22:07 Runink: A New Open Source Project29:12 Becoming a FINOS Ambassador30:10 Conclusion and Future PlansDaniel Paes: https://www.linkedin.com/in/danspaes/Runink: https://www.runink.org/Grizz Griswold: https://www.linkedin.com/in/aarongriswold Find more info about FINOS: On the web: https://www.finos.org Open Source in Finance Forum (OSFF Conference): https://www.finos.org/osff-2025 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletterLinkedIn: https://www.linkedin.com/company/finosfoundation Twitter: https://twitter.com/FINOSFoundation About FINOSFINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

Exploring Common Controls and Governance in Financial Services with Kosli's CEO, Mike LongIn this episode of the FINOS podcast, Grizz Griswold interviews Mike Long, CEO and founder of Kosli. They discuss the challenges of AI readiness and managing risk in financial services, focusing on the importance of common control definitions in SDLC processes. Mike shares his journey from studying AI and computer science to founding Kosli, emphasizing the role of automation in governance and compliance. The conversation highlights the significance of community and collaboration within FINOS to solve industry-level problems, touching on AI, regulatory compliance, and the future of governance automation. Mike also reflects on the evolution of agent-based solutions and their applications in current tech environments. Tune in for insights on making engineering processes more efficient and the importance of shared understanding in tech and compliance.00:00 Introduction to Control Definitions01:14 Upcoming OSFF Events and Sponsors03:13 Meet Mike Long, CEO of Kosli03:47 Mike Long's Background and Career Journey07:01 Challenges in Financial Services and Kosli's Solutions09:54 Joining FINOS and Goals for Collaboration16:22 The Importance of Community in FINOS20:37 Future of AI and Autonomous Agents24:11 Closing Remarks and OSFF LondonKosli: https://www.kosli.com/Mike Long: https://www.linkedin.com/in/mikelongkosliGrizz Griswold: https://www.linkedin.com/in/aarongriswold Find more info about FINOS: On the web: https://www.finos.org Open Source in Finance Forum (OSFF Conference): https://www.finos.org/osff-2025 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletterLinkedIn: https://www.linkedin.com/company/finosfoundation Twitter: https://twitter.com/FINOSFoundation About FINOSFINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

In this episode of the FINOS Open Source in Finance webinar series, Karl Moll hosts an engaging panel discussion with Tyler Warden from Sonatype and Aaron Erickson from Nvidia. The topic is 'The Unexpected Risks of AI in Finance,' covering hidden and novel security risks in AI-driven financial systems, the importance of hardware in AI security, and regulatory approaches to AI compliance. The panelists delve into common misconceptions, real-world examples of AI risks, software supply chain issues, and actionable advice for securing AI pipelines. They also discuss the fundamental role of human accountability and the importance of collaboration between security and engineering teams.00:00 Welcome and Introduction03:40 Panelist Introductions05:43 Common Misconceptions in AI Security08:37 Hidden Risks of AI in Finance16:52 Regulatory Approaches to AI Risks23:54 Advice for Compliance Teams30:56 The Importance of Fundamentals in AI31:37 AI's Role in Speeding Up Reaction Times32:56 Building Security into AI Pipelines36:02 Operational Collaboration for AI Security43:07 Designing User-Centric AI Systems48:40 Rapid Fire Q&A on AI Security55:23 Final Thoughts and RecommendationsFind more info about FINOS:On the web: https://www.finos.org Open Source in Finance Forum (OSFF Conference): https://www.finos.org/osff-2025 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletterLinkedIn: https://www.linkedin.com/company/finosfoundation Twitter: https://twitter.com/FINOSFoundation About FINOSFINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.