JR/T 0290-2024
Financial Industry Open Source Software Application Management Guide (English Version)

Standard No.: JR/T 0290-2024
Language: Chinese, Available in English version
Release Date: 2024
Published By: Professional Standard - Finance CN / JR
Latest: JR/T 0290-2024
 

Introduction

Analysis of the core architecture of the standard

| Management dimension | Traditional model | Requirements of this standard | Improvement value |
| --- | --- | --- | --- |
| Organizational structure | Decentralized management | Decision-making + management dual teams | Responsibility clarity increased by 300% |
| Process control | Segmented management | Closed loop of the entire life cycle | Risk discovery efficiency increased by 5 times |
| Tool support | Manual records | Automated management platform | Management costs reduced by 60% |

Key implementation points

Typical application scenario: Bank core system transformation

When a national commercial bank introduced the Apache Dubbo framework in its distributed system transformation, it strictly followed clause 7.2 of the standard:

  1. The technical team completed the architecture adaptability assessment
  2. The security department scanned for the CVE-2022-39135 vulnerability
  3. Legal confirmed the compliance of the Apache 2.0 license

Advanced risk management solution

| Risk type | Detection frequency | Disposal time limit | Tool recommendations |
| --- | --- | --- | --- |
| License changes | Quarterly scans | 15 working days | FOSSology |
| High-risk vulnerabilities | Real-time monitoring | 72 hours | Black Duck |

Tool implementation path

Referring to Chapter 10 of the standard, it is recommended to build in three stages:

  • Primary stage: Establish an artifact repository (Artifactory/Nexus)
  • Intermediate stage: Deploy SCA tools (Checkmarx/Synopsys)
  • Advanced stage: Build a unified management platform

JR/T 0290-2024 Referenced Document

  • GB/T 28458-2020 Information security technology—Cybersecurity vulnerability identification and description specification
  • GB/T 30276-2020 Information security technology—Specification for cybersecurity vulnerability management
  • GB/T 30279-2020 Information security technology—Guidelines for categorization and classification of cybersecurity vulnerability
  • JR/T 0289-2024 Open Source Technology for the Financial Industry Terminology
  • JR/T 0291-2024 Financial Industry Open Source Software Application Evaluation Standards

JR/T 0290-2024 history

  • 2024 JR/T 0290-2024 Financial Industry Open Source Software Application Management Guide

Update: Wed, 15 Apr 2026 23:37:52 +0000