Doing Our Part to Secure the Open Source Ecosystem

Rao Lakkakula, Head of Product Security and OpenSSF Governing Board Member
Benjamin Flatgard, Executive Director, Cybersecurity & Technology Policy & Partnerships

At JPMorgan Chase, we rely on open source software to help drive our innovation. Our more than 53,000 global technologists utilize thousands of open source packages to develop tools that give our company, clients, and customers an edge. Today, we took a step to enhance the security of these packages and make our operations – and the entire ecosystem – more resilient. We are proud to have worked with the Open Source Security Foundation (OpenSSF) and its members to create the new Open Source Software Security Mobilization Plan, which will help to address security issues in the software supply chain.

Why is securing the Open Source Software Supply Chain important?

Our technology is only as good as our ability to secure it. Like all software, open source code bases have vulnerabilities within them. In 2021, NIST reported that more than 22,000 unique vulnerabilities were discovered that year and reported as Common Vulnerabilities and Exposures. Understanding and mitigating vulnerabilities before going to production helps to reduce the risk in investments and removes friction for developers deploying code. 

Securing the software supply chain is critical to protecting our customers, maintaining their trust, and running our services without interruption. Open source code is integrated in software solutions provided by nearly all service providers across the world. We need to understand what goes into the technology that we consume, its provenance, and how to verify its integrity if we want to secure it. This is what we mean by securing the software supply chain.

 

What is JPMorgan Chase’s connection to the Open Source community?

We have a long history of building successful open source projects, forging open standards, and contributing to the open source community at large. In the early 2000s, we developed Advanced Message Queuing Protocol (AMQP), an open standard for passing business messages between applications or organizations. More recently, we launched Quorum, an enterprise-grade, open sourced, permissioned blockchain network that empowers businesses of all types to build high-performance applications at scale. Our contributions and strategic investment in Quorum are a testament to our technical prowess and ability to create value in this space. In 2020, we sold Quorum to allow it to become a broader industry standard.

As a Fintech Open Source Foundation (FINOS) member, we have contributed to and maintained projects such as Perspective, an interactive analytics and data visualization component, and many other open source projects on GitHub.

 

Driving security collaborations across Industry

In 2019, JPMorgan Chase partnered with tech giants, like Microsoft, IBM, and Intel among others, to form the Open Source Security Coalition (OSSC). In 2020, we were a founding member of the OpenSSF, which supports and advances the security of open source software while bringing together efforts from the Core Infrastructure Initiative, GitHub Security Lab, and more. Other founding members include Google, GitHub, IBM, Intel, Microsoft, NCC Group, and Red Hat. As one of the OpenSSF premier members, we have supported and contributed to its projects and initiatives. 

To inform our vulnerability management process, we are working to ingest and consume Software Bills of Materials (SBOM). An SBOM is like an ingredients list for software – it identifies which code packages, including open source, go into a piece of software that has been developed. In 2021, we launched a Financial Sector SBOM project with the US Department of Homeland Security; the National Telecommunications and Information Administration, an agency of the US Department of Commerce; the Financial Services Information Sharing and Analysis Center; and other global financial institutions, including Bank of America, Citi and Morgan Stanley, to employ a provisional SBOM format and exercise SBOM use cases for production and consumption. The goal of this ongoing initiative is to demonstrate the successful use of SBOMs and encourage cross-sector efforts to establish standardized formats and processes.

Security is a process, not the end state

At JPMorgan Chase, security is everyone’s job. We regularly share security best practices with employees, train our developers on secure software development, and invest in automated tools that identify security issues in code. As our developers contribute to open source projects, this focus on training and enhanced security processes will contribute to the broad uplift of security across open source software. 

We are committed to following professional and technical standards for the open source code that our developers upstream or release themselves. We continue to support and take an active role in shaping industry and government’s efforts to secure the open source software supply chain, including today’s Open Source Software Security Mobilization Plan.