From startups to legacy brands, you're making your mark. We're here to help.
Key Links
Prepare for future growth with customized loan services, succession planning and capital for business equipment.
Key Links
Serving the world's largest corporate clients and institutional investors, we support the entire investment cycle with market-leading research, analytics, execution and investor services.
Key Links
Providing investment banking solutions, including mergers and acquisitions, capital raising and risk management, for a broad range of corporations, institutions and governments.
Your partner for commerce, receivables, cross-currency, working capital, blockchain, liquidity and more.
Key Links
A uniquely elevated private banking experience shaped around you.
Whether you want to invest on your own or work with an advisor to design a personalized investment strategy, we have opportunities for every investor.
For Companies and Institutions
From startups to legacy brands, you're making your mark. We're here to help.
Serving the world's largest corporate clients and institutional investors, we support the entire investment cycle with market-leading research, analytics, execution and investor services.
Your partner for commerce, receivables, cross-currency, working capital, blockchain, liquidity and more.
Prepare for future growth with customized loan services, succession planning and capital for business equipment.
Providing investment banking solutions, including mergers and acquisitions, capital raising and risk management, for a broad range of corporations, institutions and governments.
For Individuals
A uniquely elevated private banking experience shaped around you.
Whether you want to invest on you own or work with an advisor to design a personalized investment strategy, we have opportunities for every investor.
Explore a variety of insights.
Key Links
Insights by Topic
Explore a variety of insights organized by different topics.
Key Links
Insights by Type
Explore a variety of insights organized by different types of content and media.
Key Links
We aim to be the most respected financial services firm in the world, serving corporations and individuals in more than 100 countries.
Key Links
At JPMorgan Chase, we rely on open source software to help drive our innovation. Our more than 53,000 global technologists utilize thousands of open source packages to develop tools that give our company, clients, and customers an edge. Today, we took a step to enhance the security of these packages and make our operations – and the entire ecosystem – more resilient. We are proud to have worked with Open Source Security Foundation (OpenSSF) and its members, to create the new Open Source Software Security Mobilization Plan, which will help to address security issues in the software supply chain.
Our technology is only as good as our ability to secure it. Like all software, open source code bases have vulnerabilities within them. In 2021, NIST reported that more than 22,000 unique vulnerabilities were discovered that year and reported as Common Vulnerabilities and Exposures. Understanding and mitigating vulnerabilities before going to production helps to reduce the risk in investments and removes friction for developers deploying code.
Securing the software supply chain is critical to protecting our customers, maintaining their trust, and running our services without interruption. Open source code is integrated in software solutions provided by nearly all service providers across the world. We need to understand what goes into the technology that we consume, its provenance, and how to verify its integrity if we want to secure it. This is what we mean by securing the software supply chain.
We have a long history of building successful open source projects, forging open standards, and contributing to the open source community at large. In the early 2000s, we developed Advanced Messaging Queuing Protocol (AMPQ), an open standard for passing business messages between applications or organizations. More recently, we launched Quorum, an enterprise-grade, open sourced, permissioned blockchain network that empowers businesses of all types to build high-performance applications at scale. Our contributions and strategic investment in Quorum is a testament to our technical prowess and ability to create value in this space. In 2020, we sold Quorum to allow it to become a broader industry standard.
As a Fintech Open Source Foundation (FINOS) member, we have contributed to and maintained projects such as Perspective, an interactive analytics and data visualization component, and many other open source projects on GitHub.
In 2019, JPMorgan Chase partnered with tech giants, like Microsoft, IBM, and Intel among others, to form the Open Source Security Coalition (OSSC). In 2020, we were a founding member of the OpenSSF, which supports and advances the security of open source software while bringing together efforts from the Core Infrastructure Initiative, GitHub Security Lab, and more. Other founding members include Google, GitHub, IBM, Intel, Microsoft, NCC Group, and Red Hat. As one of the OpenSSF premier members, we have supported and contributed to its projects and initiatives.
To inform our vulnerability management process, we are working to ingest and consume Software Bills of Materials (SBOM). A SBOM is like an ingredients list for software – it identifies which code packages, including open source, go into a piece of software that has been developed. In 2021, we launched a Financial Sector SBOM project with the US Department of Homeland Security, National Telecommunications and Information Administration, an agency of the US Department of Commerce, Financial Services Information Sharing and Analysis Center, and other global financial institutions including Bank of America, Citi and Morgan Stanley, to employ a provisional SBOM format and exercise SBOM use cases for production and consumption. The goal of this ongoing initiative is to demonstrate the successful use of SBOMs and encourage cross-sector efforts to establish standardized formats and processes.
At JPMorgan Chase, security is everyone’s job. We regularly share security best practices with employees, train our developers on secure software development, and invest in automated tools that identify security issues in code. As our developers contribute to open source projects, this focus on training and enhanced security processes will contribute to the broad uplift of security across open source software.
We are committed to following professional and technical standards for the open source code that our developers upstream or release themselves. We continue to support and take an active role in shaping industry and government’s efforts to secure the open source software supply chain, including today’s Open Source Software Security Mobilization Plan.
You're now leaving J.P. Morgan
J.P. Morgan’s website and/or mobile terms, privacy and security policies don’t apply to the site or app you're about to visit. Please review its terms, privacy and security policies to see how they apply to you. J.P. Morgan isn’t responsible for (and doesn’t provide) any products, services or content at this third-party site or app, except for products and services that explicitly carry the J.P. Morgan name.