A brand new report is revealing that probably the most difficult facet of using open supply initiatives is maintaining with updates and patches.
In keeping with the 2025 State of Open Supply report from Perforce Software program, the Eclipse Basis, and the Open Supply Initiative, when requested to rank challenges on a scale of 1 to 5, over half of the 433 respondents ranked the next as a 3 or greater:
- Conserving software program up to date
- Assembly safety and compliance necessities
- Sustaining end-of-life (EOL) variations
“These three are, in fact, very linked — maintaining with updates and patches and sustaining end-of-life variations are key to assembly safety and compliance necessities. Yearly the responses to this query remind us that it’s an uphill battle for organizations to remain on the newest variations and/or have entry to safety updates and patches for EOL software program of their stacks,” the report authors wrote.
For instance, CentOS 7 reached EOL in June 2024 and on the time the survey was carried out (between September and December 2024), 40% of the biggest enterprises had been nonetheless utilizing it and it was the third most typical Linux distribution.
Additional, 28% don’t have a plan in place for addressing CentOS vulnerabilities and eight% mentioned they don’t plan to patch CentOS CVEs. Solely 19% % say they’ve an LTS vendor offering patches and 13% have an in-house workforce that does it.
RELATED: Sonatype reveals 18,000 malicious open supply packages in its Q1 Open Supply Malware Index
When respondents who’re utilizing the proprietary model of open supply software program had been requested what’s stopping them from utilizing the open supply model, 44% mentioned it was the skilled help and upkeep that comes with it. This was the most well-liked reply by a large margin, with the following hottest purpose—extra options and customization—coming in at 25%.
The place open supply is getting used
In keeping with the report, the highest class for open supply utilization was cloud and container applied sciences, with 40% of respondents utilizing open supply software program in that space. The most well-liked cloud native open supply initiatives had been Docker (59% of respondents utilizing it) and Kubernetes (39%).
Databases and knowledge applied sciences had been the second most closely used open supply software program, at 33% of respondents. The most well-liked ones had been PostgreSQL (51%), MySQL (37%), and MariaDB (31%).
The report discovered that nearly half of organizations would not have numerous confidence of their knowledge administration operations. When requested to rank their confidence in Massive Information administration from one to 5, 47% of respondents scored themselves as two or much less and fewer than 10% ranked themselves as a 5.
They discovered that the largest problem in working with open supply databases or different knowledge applied sciences was lack of personnel or personnel expertise, with over three quarters of respondents saying so.
“Because of this, some flip to industrial, managed options (i.e. Cloudera), however the trade-off is price. If the group can not afford the commercially managed platform, they’re caught with the operational and personnel prices of those complicated stacks, typically needing to fall again on less-experienced DevOps engineers or flip to outdoors consultants once they can not resolve issues,” the report states.
The third hottest class for open supply utilization this yr was programming languages and frameworks (33%), which was a rise from the earlier yr. The report authors consider this is a sign that extra organizations at the moment are creating open supply software program and never simply consuming it.
The report signifies that open supply programming languages are the primary funding space for small corporations with 1-20 workers, which suggests they’re creating their very own options in-house.
The smallest organizations are additionally contributing to open supply initiatives far more than bigger organizations with 5,000 workers or extra. Fifty seven % of small corporations contributed in comparison with 25% of huge corporations.
“The State of Open Supply Report demonstrates that large enterprises are usually not essentially extra mature in the case of their open supply technique,” mentioned Stefano Maffulli, govt director of the Open Supply Initiative (OSI). “It’s encouraging to see that even very small organizations are dedicated to not simply consuming open supply, however giving again to the neighborhood by contributing code and supporting OSS foundations.”