What's stopping banks from creating FOSS (or atleast open-source) banking solutions (apps)? (fost.hu)

submitted 11 months ago by nIi7WJVZwktT4Ze@fost.hu to c/opensource@lemmy.ml

18 comments fedilink hide all child comments

cross-posted from: https://fost.hu/post/226135

Let's say, I create a bank with the caveat that all of my banking phone apps and webapps are FOSS (or if they depend on non-free components — banks probably do to communicate with each other —, then just OSS). Am I going to be behind the competition by doing this?

If the most secure crypto algorithms are the ones that are public, can we ensure the security of a bank's apps by publicizing it?

Are they not doing this because they secretly collect a lot of data (on top of your payment history because of the centralized nature of card payments) through these apps?

EDIT: Clarifying question: Is there a technical reason they don't publicize their code or is it just purely corporate greed and nothing else?

you are viewing a single comment's thread
view the rest of the comments

[-] kambusha@feddit.ch 20 points 11 months ago

A couple of reasons:

Who would contribute? Banks are highly regulated and sometimes deal with complex products that most Devs don't have a background on. Even most Devs in banks rely on a team of business analysts, designers etc to shape the requirements. Add on top of that the general negative perception of banks, I can't think of a large open-source community forming.
Competition. Bank's primarily compete with each other. They all offer very similar products, and any advantage they can gain by developing proprietary software will be explored.
Third-party apps. Banks use a TON of third-party apps behind the scenes. A lot of times they will purchase licenses for existing products and then customise on top of that.
Outsourcing. Even when they are building the app "in-house" they may have outsourced the development to another company, and will then just maintain the finished product.
Banks move slooooowly. As it's a highly regulated industry, every deployment needs to go through a ton of red-tape. An exploit found in public might take weeks to be resolved internally.
Reward is not worth risk. It simply isn't a priority and they can't see any benefit for doing it. It's more likely to cause a reputation risk than not.

this post was submitted on 17 Nov 2023

30 points (82.6% liked)

Open Source

30826 readers

890 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

Cloak@lemmy.ml

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml