cross-posted from: https://fost.hu/post/226135
Let’s say, I create a bank with the caveat that all of my banking phone apps and webapps are FOSS (or if they depend on non-free components — banks probably do to communicate with each other —, then just OSS). Am I going to be behind the competition by doing this?
If the most secure crypto algorithms are the ones that are public, can we ensure the security of a bank’s apps by publicizing it?
Are they not doing this because they secretly collect a lot of data (on top of your payment history because of the centralized nature of card payments) through these apps?
EDIT: Clarifying question: Is there a technical reason they don’t publicize their code or is it just purely corporate greed and nothing else?
Remember that banking and finance is full of regulations, and have moving speed of snail. Opposite of IT. When asked for something like this (open source or cross compatibility or anything nerdy) the first question is “who will be liable for losses and damages when something breaks?”.
Liability is probably the biggest factor. When something isn’t working properly, they want to be able to point fingers at someone and blame them. The vendor then blames someone else. Open source tends to be the polar opposite, which means huge red flags - hippie stuff, no payment, no liability, no pointy-blaming game.
Or so I’ve heard from people working in that sector. For places as conservative as them to deploy FOSS solutions, you’ll need the government branches cooperating with clearly worded laws and regulations, dragging them kicking and screaming into adoption.
And that’s assuming no one will lobby against in the process.