Modern software is increasingly complex, made up of hundreds or thousands of open source components hidden away in deeply nested dependency trees. Just how much do we know about these open source components that are an integral part of our products? What are the risks associated with their usage, and what is our exposure?
Within the financial services industry, the solution most often is to build up a robust defence against these perils: security scans and licence checkers, creating a walled garden that harms the wider open source ecosystem. In this talk Colin will take a closer look at the make-up of modern software supply chains: where this code comes from, who authored it and how it is distributed, ultimately asking the question "is this sustainable?" Despite numerous efforts to address this challenge (crowdfunding, sponsorship and highlighting critical infrastructure projects), the problem is growing. To solve it we need a reset in how we view this precious and fragile asset. Much like the environment, grass-roots activism can only go so far; to really make a difference, large corporations need to wake up to their responsibility and make genuine and tangible commitments.