Case Study: FINRA achieves faster development and stronger open-source security with Black Duck

A Black Duck Case Study

Preview of the FINRA Case Study

FINRA Improves Development Efficiencies and Tightens Up Open Source Security

FINRA, the not‑for‑profit regulator that oversees U.S. brokerage firms and protects investors, manages massive volumes of market data (about 6 TB daily and 20 billion transactions) with 500 developers handling 100–130 apps and roughly 100,000 builds. Its homegrown open‑source tracking and approval workflow became unscalable and administratively heavy: it created hundreds of tickets for dependency chains, gave poor visibility into where components were used, and imposed a slow approval process that hampered development and legal reviews.

FINRA deployed Artifactory Pro with Black Duck to automate open‑source management and maintain a continuous bill of materials, enabling exception‑based review instead of manual checks for every artifact. The change reduced developer overhead (about three person‑days saved per app), cut the legal team’s open‑source workload by 75%, eliminated a separate tech‑review team, and gave security teams fast, accurate visibility into vulnerable artifacts and affected applications.



FINRA

Kostas Gaitanos

Senior Director of Development Services


Black Duck
