A brand new report is revealing that essentially the most difficult facet of using open supply tasks is maintaining with updates and patches.
Based on the 2025 State of Open Supply report from Perforce Software program, the Eclipse Basis, and the Open Supply Initiative, when requested to rank challenges on a scale of 1 to 5, over half of the 433 respondents ranked the next as a 3 or larger:
- Preserving software program up to date
- Assembly safety and compliance necessities
- Sustaining end-of-life (EOL) variations
“These three are, after all, very linked — maintaining with updates and patches and sustaining end-of-life variations are key to assembly safety and compliance necessities. Yearly the responses to this query remind us that it’s an uphill battle for organizations to remain on the most recent variations and/or have entry to safety updates and patches for EOL software program of their stacks,” the report authors wrote.
For instance, CentOS 7 reached EOL in June 2024 and on the time the survey was carried out (between September and December 2024), 40% of the most important enterprises had been nonetheless utilizing it and it was the third commonest Linux distribution.
Additional, 28% don’t have a plan in place for addressing CentOS vulnerabilities and eight% stated they don’t plan to patch CentOS CVEs. Solely 19% p.c say they’ve an LTS vendor offering patches and 13% have an in-house group that does it.
RELATED: Sonatype reveals 18,000 malicious open supply packages in its Q1 Open Supply Malware Index
When respondents who’re utilizing the proprietary model of open supply software program had been requested what’s stopping them from utilizing the open supply model, 44% stated it was the skilled assist and upkeep that comes with it. This was the most well-liked reply by a large margin, with the following hottest purpose—further options and customization—coming in at 25%.
The place open supply is getting used
Based on the report, the highest class for open supply utilization was cloud and container applied sciences, with 40% of respondents utilizing open supply software program in that space. The preferred cloud native open supply tasks had been Docker (59% of respondents utilizing it) and Kubernetes (39%).
Databases and information applied sciences had been the second most closely used open supply software program, at 33% of respondents. The preferred ones had been PostgreSQL (51%), MySQL (37%), and MariaDB (31%).
The report discovered that nearly half of organizations don’t have a whole lot of confidence of their information administration operations. When requested to rank their confidence in Huge Knowledge administration from one to 5, 47% of respondents scored themselves as two or much less and fewer than 10% ranked themselves as a 5.
They discovered that the largest problem in working with open supply databases or different information applied sciences was lack of personnel or personnel expertise, with over three quarters of respondents saying so.
“For that reason, some flip to business, managed options (i.e. Cloudera), however the trade-off is price. If the group can’t afford the commercially managed platform, they’re caught with the operational and personnel prices of those complicated stacks, typically needing to fall again on less-experienced DevOps engineers or flip to outdoors consultants once they can’t clear up issues,” the report states.
The third hottest class for open supply utilization this yr was programming languages and frameworks (33%), which was a rise from the earlier yr. The report authors imagine this is a sign that extra organizations at the moment are creating open supply software program and never simply consuming it.
The report signifies that open supply programming languages are the primary funding space for small firms with 1-20 staff, which suggests they’re creating their very own options in-house.
The smallest organizations are additionally contributing to open supply tasks far more than bigger organizations with 5,000 staff or extra. Fifty seven p.c of small firms contributed in comparison with 25% of enormous firms.
“The State of Open Supply Report demonstrates that huge enterprises are usually not essentially extra mature in the case of their open supply technique,” stated Stefano Maffulli, govt director of the Open Supply Initiative (OSI). “It’s encouraging to see that even very small organizations are dedicated to not simply consuming open supply, however giving again to the group by contributing code and supporting OSS foundations.”
