A brand new report is revealing that essentially the most difficult side of using open supply tasks is maintaining with updates and patches.
In accordance with the 2025 State of Open Supply report from Perforce Software program, the Eclipse Basis, and the Open Supply Initiative, when requested to rank challenges on a scale of 1 to 5, over half of the 433 respondents ranked the next as a 3 or increased:
- Maintaining software program up to date
- Assembly safety and compliance necessities
- Sustaining end-of-life (EOL) variations
“These three are, after all, very related — maintaining with updates and patches and sustaining end-of-life variations are key to assembly safety and compliance necessities. Yearly the responses to this query remind us that it’s an uphill battle for organizations to remain on the most recent variations and/or have entry to safety updates and patches for EOL software program of their stacks,” the report authors wrote.
For instance, CentOS 7 reached EOL in June 2024 and on the time the survey was performed (between September and December 2024), 40% of the most important enterprises have been nonetheless utilizing it and it was the third commonest Linux distribution.
Additional, 28% don’t have a plan in place for addressing CentOS vulnerabilities and eight% mentioned they don’t plan to patch CentOS CVEs. Solely 19% % say they’ve an LTS vendor offering patches and 13% have an in-house crew that does it.
RELATED: Sonatype reveals 18,000 malicious open supply packages in its Q1 Open Supply Malware Index
When respondents who’re utilizing the proprietary model of open supply software program have been requested what’s stopping them from utilizing the open supply model, 44% mentioned it was the skilled help and upkeep that comes with it. This was the most well-liked reply by a large margin, with the subsequent hottest cause—further options and customization—coming in at 25%.
The place open supply is getting used
In accordance with the report, the highest class for open supply utilization was cloud and container applied sciences, with 40% of respondents utilizing open supply software program in that space. The preferred cloud native open supply tasks have been Docker (59% of respondents utilizing it) and Kubernetes (39%).
Databases and information applied sciences have been the second most closely used open supply software program, at 33% of respondents. The preferred ones have been PostgreSQL (51%), MySQL (37%), and MariaDB (31%).
The report discovered that just about half of organizations would not have loads of confidence of their information administration operations. When requested to rank their confidence in Massive Information administration from one to 5, 47% of respondents scored themselves as two or much less and fewer than 10% ranked themselves as a 5.
They discovered that the largest problem in working with open supply databases or different information applied sciences was lack of personnel or personnel expertise, with over three quarters of respondents saying so.
“For that reason, some flip to industrial, managed options (i.e. Cloudera), however the trade-off is price. If the group can’t afford the commercially managed platform, they’re caught with the operational and personnel prices of those complicated stacks, typically needing to fall again on less-experienced DevOps engineers or flip to outdoors consultants once they can’t resolve issues,” the report states.
The third hottest class for open supply utilization this 12 months was programming languages and frameworks (33%), which was a rise from the earlier 12 months. The report authors imagine this is a sign that extra organizations at the moment are growing open supply software program and never simply consuming it.
The report signifies that open supply programming languages are the primary funding space for small corporations with 1-20 workers, which suggests they’re creating their very own options in-house.
The smallest organizations are additionally contributing to open supply tasks far more than bigger organizations with 5,000 workers or extra. Fifty seven % of small corporations contributed in comparison with 25% of huge corporations.
“The State of Open Supply Report demonstrates that massive enterprises aren’t essentially extra mature relating to their open supply technique,” mentioned Stefano Maffulli, govt director of the Open Supply Initiative (OSI). “It’s encouraging to see that even very small organizations are dedicated to not simply consuming open supply, however giving again to the neighborhood by contributing code and supporting OSS foundations.”