Goldman Sachs To Open Source Its Software
The investment bank spent countless hours over 14 years developing a platform called Alloy to help it access and analyze the growing set of financial databases being created across the firm. Now Goldman is taking the unusual step of making that program, as well as the language underlying it, available to the rest of Wall Street for free as open-source software in collaboration with a nonprofit called Finos.
Goldman Sachs To Open Source Its Software
The move is the latest step by Wall Street to follow the lead of tech giants like Google and Facebook that regularly release code to outside developers. Earlier this year, Goldman said it would put some of its trading and risk management code on GitHub, the open-source code repository. Rival bank J.P. Morgan Chase also releases code on Github for initiatives including its Quorum blockchain project.
"We're using Alloy because it radically reduces the cost of wrangling disparate datasets and disparate sources of data together," Wecker said. "We believe that would be true for others, and we feel so strongly about it that we're open sourcing it to offer an opportunity for the industry to standardize around data concepts faster."
Goldman Sachs Engineering is committed to open source in software, currently focused on using containers across our technology stack. We continue to partner with Docker and Open Container Initiative teams in thinking about challenges unique to the enterprise and what possible solutions might look like.
In an overlooked yet insightful blog the bank recently detailed the critical OSS tool it has deployed to help tackle query latency. (Goldman Sachs has also spun up a range of its own open source tools like database deployment software Obevo, open sourced under an Apache 2.0 license in 2017 to help developers manage database schema definitions for new and existing sytems under a a standard software development lifecycle or SDLC approach.)
FINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster adoption of open source, open standards and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts 33 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world.
Arrested last month for stealing cutting-edge trading software from his former employer, Goldman Sachs Group Inc., programmer Sergey Aleynikov offered up an interesting defense: he was only trying to download open-source software.
A report published Sunday in The New York Times says Aleynikov told FBI investigators that he had inadvertently taken about 32MB of proprietary Goldman Sachs software while taking open-source code that he said can be used freely by anyone.
Observers also wonder why Aleynikov didn't simply download the unnamed open-source code from any of its free repositories rather than from Goldman Sachs systems. And programmers and open-source users are left wondering whether Aleynikov can be found guilty of stealing the code that belongs to the programming community.
Actually, he can, according to legal and open-source experts who cite the terms and conditions of the General Public License (GPL), which is used to govern the use of about two-thirds of open-source software.. "This is a common misconception," said Brett Smith, license compliance engineer at the Free Software Foundation (FSF), which oversees use of the GPL.
Though the FSF has long argued that all software and source code should be free -- just today, it launched a campaign against the "sins" of Microsoft's proprietary Windows 7 operating system -- the terms of the GPL do include some restrictions.
For example, the GPL states that companies that modify open-source software for internal use aren't required to share code changes with the open-source world, said Smith. "You never have to provide the source code to an upstream developer or the general public if you don't want to," he said.
The MIT and BSD licenses, for example, "have no ongoing obligations," according to Andy Updegrove, a Boston lawyer who represents several open-source organizations. "So if the [Goldman Sachs] code in question was under these, then this guy would not have had any right to the code nor would he be likely to have had a public repository to turn to to find Goldman Sachs' altered version."
So Goldman Sachs likely was not required to share any of its modified open-source code, and thus its aggressive moves to make sure none of it comes to light is unsurprising. Smith said that he had never heard of a Wall Street firm donating source code back to a project.
Updegrove added: "To the extent that the identical code was available elsewhere, he used poor judgment taking the code from a Goldman Sachs server. To the extent he took any altered code based on open-source code that Goldman Sachs had not already contributed back to the project, I see no reason why this would not run afoul of his contractual obligations to Goldman Sachs, just as would normal proprietary code."
Orzechowski recommends that programmers in highly competitive industries like securities trading talk to their companies' lawyers about how to use and document their use of open-source software. "There are ways to develop apps that are isolated modules so that you won't trigger the viral [code-sharing] provisions of open-source software," he said.
It's notable, too, that in these areas at least Goldman is using quite a few open source packages. The firm's been on Github for a while, but it's also leveraging open source packages like Terraform (an infrastructure as code software tool), Grafana (an open source analytics and visualization platform), and Logstash (an open source data processing pipeline).
The presentation didn't cover Goldman's front office sales and trading stack. However, there are signs that the firm is also moving to open source packages here. Currently-advertised roles for engineers working on trading technology mention open source software like RabbitMQ (a message broker), which is being used for the firm's messaging systems.
The solution includes a configuration/policy engine that sits behind the firewall. Companies create their policies, and as developers submit code to their repositories Sonatype checks the open source components against the policies to make sure they are in compliance. If they are, they are let through. If not, they are stopped for further action as defined in the policy by a particular company.
If this sounds like a big undertaking, it clearly is. And if you want to achieve one of these data job at Goldman - and anywhere else in finance, it might help to learn Goldman's inhouse data coding language, known internally as PURE and now open sourced as the Legend Language.
This isn't the first time Goldman has built its own programming language. - It's also got Slang, which underpins SecDB, and which - depending upon who you ask - is either a route to a great software career at Goldman or a career cul-de-sac. As a more contemporary language (Slang dates back to the 1980s) and one that's been open sourced, Legend is unlikely to suffer the same problem. Anyone currently working on Extract Transform and Load (ETL) systems that copy data into destinations (like data lakes) might want to familiarize themselves with Legend especially quickly: if Legend becomes the norm, many of these roles could become redundant.
The Open Source movement has already reached a certain level of maturity. While 5-10 years ago, Open Source was still considered something of computer-nerds, idealists and small start-ups, today it has become mainstream. The recent acquisitions of open-source companies by large established corporate tech-vendors is the best proof of this evolution:
At the same time these incumbent tech players are adopting a true open source strategy themselves. E.g. Microsoft, initially one of the most has adopted an open source strategy, since Satya Nadella became CEO in 2014, e.g.