Taking Stock of the United Nations Open Source Principles
In this post we endorse the UN Open Source principles and take stock of their implications for the domains of risk management and sustainable finance. We also take a step back and discuss how open source is an essential ingredient for the PODA manifesto, namely putting people above data and algorithms.
What are the UN Open Source Principles?
The UN Open Source Principles is a set of eight high-level guiding principles that were recently adopted by the UN Chief Executive Board’s Digital Technology Network (DTN). They open a new window and provide guidelines to drive collaboration and Open Source adoption within the UN and globally. They send a strong signal of the importance of open source and how individuals and organisations need to act to benefit but also support a thriving and sustainable open source community.
The Open Source Initiative was the first to endorse the principles, followed up by sixteen key organizations of the open source movement.
The Eight Principles
The principles are concise and to the point. First we will enumerate them verbatim. Our interpretation of each principle and the linkages and challenges to the subjects relevant to our mission follow in the next section.
- Open by Default: Making Open Source the standard approach for projects
- Contribute Back: Encouraging active participation in the Open Source ecosystem
- Secure by Design: Making security a priority in all software projects
- Foster inclusive participation and community building: Enabling and facilitating diverse and inclusive contributions
- Design for Reusability: Designing projects to be interoperable across various platforms and ecosystems
- Provide Documentation: Providing thorough documentation for end-users, integrators and developers
- RISE (recognize, incentivize, support and empower): Empowering individuals and communities to actively participate
- Sustain and Scale: Supporting the development of solutions that meet the evolving needs of the UN system and beyond.
What do these principles mean for Open Risk?
Open Risk is a longtime advocate of open source (indeed this is our founding vision), starting with a presentation given at the Dutch TopQuants / Dutch Central Bank (DNB) meeting in Amsterdam on Nov 18th 2015, almost a decade ago. The challenges facing proprietary risk models, and the benefits of an open source approach for the broader domain of risk management and sustainable finance, have been our consistent argument and driving vision in the frameworks and tools we develop. It is thus no surprise that we find the UN principles deeply aligned with the ideals we have actively promoted for over a decade.
But what do they mean more concretely in the reality of 2025? Let us unpack them one by one.
Open by Default
When it comes to the financial system, Open versus Closed (proprietary) is not a binary choice. Whether due to user privacy (which heretofore the financial system guarded somewhat better than newer operators), the need to preserve commercial secrecy, or just down-to-earth reasons (e.g. lack of resources to support an open source program), each organization must strike its own balance between what it can release and what remains private.
Yet to this date open source software is the exception in the broader financial sector and very far from being the default. This systemic shortcoming reduces transparency, hinders collaboration, complicates inclusion and raises costs. Open source platforms that focus on the technical elements that underpin well managed and sustainable financial systems would empower people globally. There is enormous leverage in the open source modality, something that is not lost on those most intimate with software development.
Contribute Back
In its most well developed manifestation, open source is not simply the release of in-house code under an open source license. It means an active give-and-take mentality. Participation and contribution create a network of interlocked interests that sustains communities and accelerates innovation.
A good example that is relevant for our domain concerns algorithms relevant for risk analysis. In recent decades there has been a revolution in the open source data science universe. At the very core of this development lies what is sometimes nicknamed Jupyter: a set of three parallel open source data science ecosystems that have truly democratized the ability of organizations to analyse and manage risks. Our contributions in this respect are aggregated in our GitHub Repository, where a variety of tools and frameworks are developed on the basis of popular open source libraries.
Secure by Design
Security is vital for any open source initiative relevant for the financial domain. The possible attack vectors are many and the incentives more than obvious. In fact any vulnerability of proprietary software used in production will likely have an analog in the corresponding open source version. Yet Open Source brings a powerful defense mechanism to the table. This is known as Linus’s Law or Many Eyes Make All Bugs Shallow. The amount of inspection and scrutiny that can be afforded by a wide community of developers and practitioners is not typically available except to the very largest of organizations. A broadly adopted and supported toolkit for risk management would thus benefit from the best possible security.
Yet each new era brings its own challenges, and open source software development is no different in this respect. The ease and empowerment afforded by widely available open source libraries and tools means that there is a new ecosystem pathology that open source practitioners need to be vigilant about. A so-called dependency confusion attack is a type of software supply chain attack where malicious code is injected into a project by tricking users into downloading a compromised package from a public repository.
Just like any healthy ecosystem, open source needs to guard against invasive species.
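One defensive check against the dependency confusion risk described above, given as an added example and not Open Risk code: it audits a pip requirements file for internal package names that could be satisfied from a public index. The package names, the private index URL and the sample file are constructed for illustration.

```python
import re

FAKE_HASH = "0" * 64  # constructed placeholder, not a real digest
# Hypothetical names of packages that are published only on a private index.
INTERNAL_PACKAGES = {"acme-risk-models", "acme-credit-curves", "acme-fx-rates"}
# Constructed requirements file; the index URL and packages are invented.
SAMPLE_REQUIREMENTS = f"""\
--index-url https://pypi.org/simple
--extra-index-url https://packages.example.internal/simple
numpy==1.26.4
Acme_Risk.Models>=1.0
acme-credit-curves==2.3.1
acme-fx-rates==0.9.0 --hash=sha256:{FAKE_HASH}
"""

def normalize(name):
    """PEP 503 normalization, so Acme_Risk.Models matches acme-risk-models."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit_requirements(text, internal_names):
    """Return (line_no, package, finding) tuples for risky lines."""
    internal = {normalize(n) for n in internal_names}
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #")[0].strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("--extra-index-url"):
            # pip treats every configured index as a candidate source for
            # every name, so a public package can shadow an internal one.
            findings.append((lineno, None, "extra-index"))
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if not m or normalize(m.group(0)) not in internal:
            continue  # option line or a package that is not internal
        name, spec = normalize(m.group(0)), line[m.end():]
        if not re.match(r"\s*==\s*[^\s*,;]+(\s|;|$)", spec):
            findings.append((lineno, name, "unpinned"))  # range or wildcard
        if "--hash=" not in spec:
            findings.append((lineno, name, "no-hash"))  # artifact not verified
    return findings

if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE_REQUIREMENTS, INTERNAL_PACKAGES):
        print(finding)
```

Pinning internal packages with hashes lets pip's `--require-hashes` mode reject any artifact that differs from the one that was reviewed.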
Enabling and facilitating diverse and inclusive contributions
It is not a secret that software development, including open source software development, is not particularly diverse. In both gender and geographic terms there is a skewed distribution that reflects historical development paths and can (and must) become more broad-based. The good news is that the modality with which open source software is developed (online communities) is entirely amenable to be inclusive, welcoming, and empowering for everyone as it removes various barriers.
Any open source project should minimally include a Code of Conduct declaration and stick by it. Our choice has been to adopt the Django Community Code of Conduct.
Design for Reusability
Risk management and sustainable finance, even while narrower than the many domains of the economy that are currently rapidly digitizing, are still vast and complex areas. We aimed to capture and visualize that immense complexity in the post Seven Heavens of Finance, where just one of the functions of the financial system (providing credit) is decomposed into the multiple layers of information flow.
Reusable and interoperable software means adopting principles and techniques such as modularity and well defined APIs that are self-documenting. This is why we focus on the one hand on well defined, narrow libraries such as transitionMatrix that do one thing only, and on the other hand advocate the use of semantic technologies that can glue data sources and computation engines together.
Provide Documentation
Effective documentation is what transforms the theoretical freedom afforded by the open source ecosystem into an accessible reality for end-users, integrators, and developers. From the beginning we embarked on documenting the challenging technical risk management and sustainable finance knowledge bases in the most thorough and accessible manner (given our resources). The centerpieces of this effort are the Open Risk Manual and the Open Risk Academy. Their primary functions are in their respective names: a manual and a school.
RISE (recognize, incentivize, support and empower)
Empowering individuals and communities to actively participate in our technical domain means primarily providing support via any and all communication channels that are congruent with our vision. This is the motivation for setting up the Open Risk Commons but also engaging online in open source social media platforms such as Mastodon and Bluesky.
Sustain and Scale
Sustainability (in the economic sense) and scaling our open source solutions to achieve real impact is a challenge in a domain that is traditionally overwhelmingly dominated by proprietary interests. As Open Risk we have pursued every opportunity to fund development and foster a community of use - subject to alignment with our values and vision.
Take a Step Back: Open Source is really about People over Data and Algorithms
This item-by-item examination of our own trajectory against the UN open source principles shows their universal applicability across the widely different contexts that emerge in rapidly digitising societies.
Yet below the concrete guidance afforded by such principles there is an all-encompassing implicit vision that must become a beacon for all practitioners in software development. We call this the PODA manifesto (People over Data and Algorithms, but incidentally also: Protect our Democracy).
The era of digital information gathering and algorithmic manipulation of such data is unlikely to be temporary. Massively large societies cannot function without powerful and pervasive information management tools. Sensors and telemetry gather immense volumes of data about both environment and people. Algorithms are trained on such data and are applied with immediate effect on people’s lives. There is an infinity of possibilities in designing and using information technology spanning the spectrum from dystopia to utopia. Visionary pioneers such as Norbert Wiener warned us very early on about The Human Use of Human Beings in the cybernetic era.
Open Source is one of the most potent mechanisms for a society pursuing digital transformation to mitigate the dark scenarios.