Strengthening the security foundation: Open Source Network Security helps a leading fund company raise its level of digital intelligence

A Fund Management Co., Ltd. is one of the first fund management companies established in Mainland China, and also one of the fund companies with the largest asset management scale in China. In the course of its development, the fund company has comprehensively strengthened its professional capabilities by raising its level of digital intelligence, and has continuously improved its core investment research, compliance and risk control, and product innovation capabilities.

Industry is highly dependent on digitization

Increased security risks bring new challenges

The financial industry is a professional field highly dependent on information and data. In recent years, the fund company has continued to pursue digital intelligence upgrades, comprehensively promoting the adoption of financial technology across business scenarios such as investment research, risk control, trading, operations, and marketing. While relying on financial technology to improve customer experience, the fund company faced a new challenge: the security risk of open source components. It needed to introduce a software composition analysis product to trace the origin of the open source components brought into the company and analyze their impact, and to compensate for a shortage of security personnel.

The fund company chose Open Source Network Security's software composition analysis (SCA) tool and embedded SourceCheck into the CI/CD pipeline, automating the detection of source code packages and product packages and making security testing part of the development process. During development, SourceCheck can run automatically on every code submission, check all components used in the code base for vulnerabilities and security issues, and feed the results back to the developers. This helps developers discover and resolve problems in a timely manner, preventing vulnerabilities and security issues from being released to the production environment.

Introducing SourceCheck

Reduce Risk Governance Costs

After the software composition analysis (SCA) tool was deployed, hundreds of code bases were scanned in total. This helped the fund company strengthen code quality, optimize each resource node, and establish an integrated process of development, detection and repair, greatly reducing the cost of testing and troubleshooting, improving development efficiency, and reducing the cost of risk management. At the same time, it has enabled the fund company to use financial technology more safely, expand the boundaries and scenarios of its user services, and provide users with whole-process, precise and customized financial services.

The fund company has always believed that digital and intelligent transformation is the only way for the company to build its core competitiveness. In the future, it will continue to integrate and innovate across technology and business, continue to improve its own technical strength, and provide high-quality investment returns and services, helping investors share in the fruits of economic growth and the growth of high-quality enterprises. Open Source Network Security will also continue to leverage its capabilities in software security assurance, explore more usage scenarios in the financial industry, and use more comprehensive and innovative products and solutions to build a secure foundation for the development of the digital economy.

 


Origin blog.csdn.net/weixin_55163056/article/details/131695519