Let’s say I create a bank with the caveat that all of my banking phone apps and webapps are FOSS (or if they depend on non-free components — banks probably do to communicate with each other — then just OSS). Am I going to be behind the competition by doing this?
If the most secure crypto algorithms are the ones that are public, can we ensure the security of a bank’s apps by publicizing them?
Are they not doing this because they secretly collect a lot of data (on top of your payment history because of the centralized nature of card payments) through these apps?
EDIT: Clarifying question: Is there a technical reason they don’t publicize their code or is it just purely corporate greed and nothing else?
Absolutely, you are the company paying for all the work of the FOSS app, having to ensure it meets FCC regulations for banking. It’s a huge mess. Costs millions to do. Pull requests can’t just be taken; they must be studied by several teams, and a lot of the time it’d be easier and better if that code came internally so you’d be able to directly communicate with the author. That said, FINOS exists: https://www.finos.org/ They are more about adopting the usage of open source libraries rather than writing their own, though.
Overall you’d get no to little benefit and lose a competitive edge while causing more technical headaches following standards to open source your code.