Saved February 14, 2026
This article discusses OpenSSF's sponsorship of the Open Source in Finance Forum, emphasizing the importance of securing open source software in financial services. It highlights key presentations on AI security, the OSPS Baseline for managing open source risks, and the need for stable vulnerability data in the industry.
Open source software is integral to the financial services sector, powering everything from payment systems to fraud detection. As reliance on this technology grows, financial institutions face increased pressure to ensure the security of the software they use. At the Open Source in Finance Forum (OSFF) in New York, OpenSSF sponsored discussions aimed at addressing these security challenges. OpenSSF's focus included connecting software maintainers with financial organizations and fostering collaboration to develop shared solutions.
Three key talks highlighted strategies for securing open source in finance. Jamie Thomas from IBM discussed the critical role open source plays in AI, noting that 80-90% of modern software relies on it. She outlined emerging cyber risks associated with AI, including threats from malware in model weights and compliance issues. The need for early collaboration in shaping AI security standards was emphasized as a way to mitigate future risks.
Stephen Augustus from Bloomberg and Michael Lieberman from Kusari introduced the Open Source Project Security (OSPS) Baseline, a checklist designed to help financial institutions manage open source security. This framework enhances audit readiness and promotes better communication among security, legal, and engineering teams.
Christopher "CRob" Robinson of OpenSSF addressed the instability in vulnerability data, which poses significant risks for financial services. He explained how gaps in vulnerability metadata can disrupt enterprise risk management and highlighted the importance of community collaboration to stabilize the data supply chain. The talks underscored the urgency for financial services to adapt and strengthen their open source security practices as they navigate evolving threats and regulatory demands.