Case Study: FINRA (Financial Industry Regulatory Authority) improves development efficiency and tightens open-source security with Synopsys Black Duck

A Synopsys Case Study

Preview of the FINRA Case Study

FINRA Improves Development Efficiencies and Tightens Up Open Source Security

FINRA, the not-for-profit U.S. securities regulator, manages massive volumes of market data (about 6 TB daily and 20 billion transactions) with 500 developers supporting 100–130 apps and roughly 100,000 builds. As open source use grew, FINRA’s homegrown tracking and approval workflows became unscalable—reporting was manual and fragmented, dependencies generated dozens of tickets, and the organization lacked visibility into who was using which components.

FINRA implemented Artifactory Pro and Black Duck to automate open source management, create a continuously updated bill of materials, and shift to an exception-based review process. The change eliminated most manual tracking, improved vulnerability-impact visibility, saved about three person-days per app on average, cut the legal team’s open source workload by 75%, and allowed FINRA to retire its technology review team.



FINRA

Kostas Gaitanos

Senior Director of Development Services

