By Bart Copeland, CEO and President, ActiveState
Essentially the developers are determining what languages are available for use and, consequently, selecting the languages used within their organizations. This has led enterprises, including financial organizations, to run open source languages out of necessity.
As such, there has been a massive shift in the adoption of open source languages and genesis of new ones in the last 20 years. Even large corporations such as Microsoft, Google and IBM contribute to open source projects that are hosted on GitHub; Spotify, Dropbox and Reddit are among the big names that use Python. This level of activity has brought about the proliferation of new languages co-existing with older languages, which creates more and more challenges for various stakeholders in the Software Development Lifecycle (SDLC) – and more tension.
These stakeholders have different needs and priorities, which is what’s causing the clash. Addressing this tension requires a convergence of the needs of two specific stakeholder groups: coders and the financial institutions for which they work. There are ways to fulfill what both coders and financial institutions need, create better experiences for coders and make things easier for all stakeholders in the SDLC.
Coders need speed, want to create, and crave a frictionless environment. Banks and other financial institutions need security, control and compliance. Roadblocks and restrictions need to be removed for coders while ensuring the needs of the financial institution e are being met.
Imagine what your development environment could look like if you could gain all of the potential benefits of open source languages while still fulfilling coder needs and resolving your business requirements. What if uniform tooling could be provided across open source languages? And what if your business could use a single uniform tooling set regardless of open source language? It would solve needs for the coder and the requirements of the business.
If financial institutions implement uniform tooling, their open source languages can be: compiled and installed; dependencies found and installed; and code written, tested and updated complete with security and license compliance needs being addressed.
However, today tooling isn’t uniform across open source languages. And the maturity and best practices of tooling wildly vary. IT teams at banks and other financial institutions create a work-around by creating policies to mitigate for deficiencies in tooling. This work-around is sub-par because it happens too late in the SDLC, after threats and issues are introduced into your code.
One Ecosystem to Rule Them All
The fact that open source is so open is what makes it so useful. However, its lack of controls makes it something of a digital wild west. Fewer restrictions enable faster innovation, but they come at the cost of quality and cohesion for the business. Many of your installed libraries have holes and security threats. Your business is faced with time-consuming license reviews to ensure adherence to third-party license rules as well as internal policies restricting certain types of licenses. In addition, license reviews happen at one point in your code’s life cycle versus in an ongoing, automated way. Financial institutions are burdened with high administrative overhead and stale information.
This outcome is not inevitable, though. What would it look like for a bank to have a uniform and high-standard ecosystem for their package management, with no vendor lock-in, all based on open source? What if a bank could be guaranteed the same quality and types of packages for every language they use? What if a bank could easily have visibility for what is being used across all of their environments, from concept to development to testing to production? It would be easier for the coder and fulfill the requirements of the business.
Open source language ecosystems are somewhat unreliable due to their wild west quality; updates and deletions can occur and community support may end for packages or other open source components on which your rely. And there are different package management solutions with differing degrees of sophistication, complexities and required expertise to use. Today, a bank can easily end up with multiple package management solutions and have different packages of the same open source programming language. There is no single or consistent source of truth.
Getting expert input on complex issues is always a good idea. Working with a technology provider is an effective way to reduce your open source language risks and solve your coders’ need for speed. A provider who can offer not just support, but also:
● The expert experience to build the language distros you need based on usage, environment, security and compliance requirements and applications.
● The right licenses based on usage and policy requirements
● The appropriate packages for each specific application
● The indemnification that is right for you, based on usage
● The right builds, standardized for all of your teams and ready to go out of the box
● Excellent notification and remediation based on Common Vulnerabilities and Exposures (CVE) security threats
A Single Source of Success
In developer environments, it’s sometimes necessary for coders to build many programming languages in an environment. The resulting “polyglot” situation creates benefits as well as challenges. Better products are made, and products are shipped faster, but it’s difficult to build a core competency in a particular programming language. And it’s impossible to centralize support and difficult maintenance requirements. You could say the unicorn that financial institutions should be chasing is a single uniform tooling set that would work across a polyglot environments. It could enable the IT teams at financial institutions to more easily use and implement open source languages. This would make both business leaders and coders happy, empowering greater productivity and agility across the business.
About the author
Bart Copeland is the CEO and president of ActiveState, the open source languages company that provides enterprise-level programming language distributions backed with cross-platform consistency, commercial technical support, security reviews, license reviews, and indemnification. Bart holds a Master’s of Business Administration in technology management from the University of Phoenix and a mechanical engineering degree from the University of British Columbia.