Open-source software underpins 70% of businesses, making it a critical part of the global economy. Yet much of this infrastructure is maintained by small, underfunded teams, creating a growing source of fragility in the technology that businesses and financial markets rely on every day. To address this, EXANTE, a global prime broker, has launched Gecko Fund – a new €1 million grant programme to support critical open-source software projects used across trading and financial data systems. The initiative provides direct funding to maintainers of the fintech’s backbone, including APIs, single-maintainer libraries, and core components of global trading infrastructure.
Richard, you’ve spent more than 30 years building trading technology. What changes in financial infrastructure have had the biggest impact on the industry during your career?
The biggest change has been the move from building everything in-house to building on shared infrastructure. Twenty or thirty years ago, financial institutions wrote much more of their own stack. Today, software is assembled from thousands of components built by global communities, cloud providers and specialist vendors.
Financial markets have also become far more connected and demanding. Clients expect real-time access to global markets, institutions process far larger volumes of data, and resilience has gone from a competitive advantage to a basic requirement. That has changed the job. Building features is only part of it. Keeping systems reliable and secure at scale now matters just as much.
Open-source software now underpins a large share of the global economy. Why do you think its importance has grown so dramatically over the past decade?
Modern software is too complex for every company to build every component itself. Open source lets organisations reuse proven building blocks and spend their engineering effort on what actually differentiates them.
It has also accelerated innovation. Open-source communities solve problems collectively, often far faster than any single organisation could alone. That is why open source now sits underneath cloud platforms, data infrastructure, developer tooling, AI frameworks and financial systems. It underpins roughly 70% of businesses worldwide, so most organisations rely on it every day, whether they realise it or not.
Despite being so widely used, many critical open-source projects remain underfunded. How did we end up with this imbalance?
Partly because the better it works, the less anyone thinks about it. Once software proves stable and reliable, people assume it will always be there. Businesses benefit from it every day, but maintaining it is often left to a very small number of developers whose work is largely invisible.
There has never really been a sustainable economic model for infrastructure projects. Open source is estimated to generate around $8.8 trillion in economic value, yet nearly two-thirds of maintainers behind widely used projects receive little or no meaningful financial support. The benefits are spread across whole industries, while the costs sit with individuals. That holds for a while, but it gets harder as the software becomes more critical and the security expectations keep rising.
Why should financial institutions and fintech companies care about the sustainability of open-source software?
Financial services depend on trust. Clients expect trading platforms to stay available, secure and resilient at all times, and that reliability extends well beyond a firm’s own.
Plenty of organisations invest heavily in cybersecurity, governance, and operational resilience, but those efforts are only as strong as the infrastructure underneath them. Around 70% of a modern software stack is open-source components. Understanding those dependencies, and helping keep them healthy, is becoming part of responsible technology management. If a widely used component stops being maintained, or a serious vulnerability goes unfixed, the damage does not stop at one organisation.
Do you think the industry is doing enough to support the software it depends on? What responsibilities should businesses have toward open-source projects?
Awareness has improved, particularly after a few high-profile supply chain incidents. More organisations are now looking at what sits underneath their stack.
The gap is between noticing the problem and doing something about it. The sensible order is to work out which projects are actually critical to your own operations, then decide how to contribute.
Money is one way, which is why we launched the Gecko Fund with €1 million committed. It is not the only way. Engineering time, security reviews, testing, documentation and simply taking part in the communities all count. If software is an essential part of your business, keeping it alive should be part of the job too.
How is AI changing the cybersecurity landscape for financial infrastructure?
AI is changing both sides. It helps engineering and security teams spot anomalies, review code and find vulnerabilities far faster than before. The attackers have the same capabilities.
What has changed most is the speed. Tasks that used to take significant manual effort can now be automated and scaled. Vulnerabilities can be found, analysed and exploited much faster, which leaves organisations less time to respond. Cybersecurity can no longer be something you review every so often. It has to keep pace with the technology itself.
As AI agents gain greater access to financial workflows, what will become more important: model intelligence or the security and governance frameworks around it?
Models will keep improving, but intelligence alone is not enough once those systems start interacting with financial infrastructure. The more authority an agent has, the more it matters to define what it can, and how those actions are verified.
Security and governance are the boundaries AI operates safely within. Financial systems have always run on strong controls, auditability, and clear accountability. AI does not replace any of that. If anything, it raises the bar for getting it right.
Looking ahead, which areas of financial infrastructure do you believe will face the greatest security and resilience challenges over the next five years?
Three things. The first is concentration. A small number of cloud and infrastructure providers now sit underneath most of the industry, so the question stops being whether your own systems are resilient and becomes what happens when one of a handful of shared dependencies has a bad day. The second is the software supply chain, which is the open-source point in a different hat: you are only as resilient as components you did not write and may not even know you depend on. The third is AI agents acting inside financial workflows. Once something can take actions and not just answer questions, the resilience problem is no longer “is it available” but “can it do something expensive that nobody authorised.” None of these are solved by buying more of anything. They are solved by knowing what you depend on.
If you could change one thing about how the technology industry approaches open-source software today, what would it be?
If I could change one thing, it would be the mindset. Critical open-source software is still treated as a free resource rather than shared infrastructure.
Companies already spend heavily on keeping their own systems reliable. Supporting the software that those systems depend on should be part of the same thinking. It is one of the reasons we launched the Gecko Fund. Maintaining critical infrastructure is a shared responsibility.
Richard Forss, the Chief Technology Officer at EXANTE. He has more than 30 years of experience building trading technology for financial institutions, hedge funds, and fintech companies. At EXANTE, he leads the transformation and development of the company’s proprietary trading platform and manages a global team of 150+ developers.




