A new Linux Foundation report reveals how organizations worldwide are adopting, using, and perceiving open source software.
The Linux Foundation’s latest report, The state of global open source, has just been released in collaboration with Canonical. The report follows the Linux Foundation’s European spotlight report, released earlier this year, and confirms that many of the trends the European spotlight report unveiled are true on a global scale. In particular, the global spotlight report confirms the role of open source software as the foundation of business-critical systems worldwide, and indicates a continued increase in adoption. However, organizations continue to lack the governance, security testing, and strategic maturity required to manage open source strategically and securely.
The report suggests that most organizations expect enterprise-grade performance from open source software, but under-invest in the required governance frameworks, security practices, and community engagement.
According to the report, the trend of increasing open source adoption in the enterprise is set to continue, as 83% of enterprises consider open source software adoption valuable to their future. Likewise, the report reveals the centrality of open source software to the modern enterprise. Globally, enterprises have adopted open source software throughout their technical stacks: 55% have adopted open source operating systems, whilst 49% have adopted open source cloud and container technologies, and 46% open source web and application development.
The widespread confidence that open source will play a pivotal role in many organizations’ futures is closely connected to a growing understanding of the benefits of open source software adoption.
This report confirms a shift in enterprises’ strategic mindset around open source: 82% of respondents considered open source as an asset that enables innovation. Historically, open source software was often reserved for specific projects or use cases, like setting up web servers – with wider organizational use being viewed with some scepticism.
Open source is now a “must-have.” Why is this the case? Here’s what the respondents had to say:
Compared to the benefits seen by organizations using open source software in 2024, 46% reported increased business value from open source over the past year. The growing interest in and use of open source technologies is particularly clear for certain technologies, like AI.
The growing value of open source can partly be attributed to the influence of AI. Since 2024, there has been an increase in the adoption of open source AI and machine learning (ML) applications from 35% to 40% – a rise of 5%. Globally, AI and ML were perceived to be the technology most benefiting from being open source. Code visibility ensures organizations can more easily audit their AI systems, which makes compliance simpler, provides more transparency into how the AI model functions, and enables companies to run the AI on their own infrastructure – ensuring sensitive data never leaves the organization’s control.
With growing adoption of AI and ML come new cybersecurity risks and requirements. However, the report indicates that organizations currently lack mature governance structures for their open source estates, creating additional complications to adopting AI and ML securely.
Despite increasing adoption of open source technologies, many organizations still lack a mature governance strategy for their open source software.
The number of organizations that have defined a clear open source strategy has grown by just 2% in the last year, to a total of 34%. That means that nearly two-thirds of organizations rely instead on informal governance of their open source estates, primarily due to budget constraints, shifting priorities and new strategic requirements. For example, when evaluating open source components for adoption:
With fewer than half of organizations taking these important formal steps before adoption, the report indicates that this “creates significant risk exposure and limits organizations’ ability to capture the full strategic value of open source participation,” signalling that this is a concern that organizations must take seriously.
Similarly, organizations demonstrate a lack of consensus around which security features and assurances matter to them when adopting open source components, with no single certification or assurance mechanism achieving adoption by more than a quarter of open source solutions. Almost a third of organizations (28%) don’t know which assurances would make them more likely to trust an open source solution. This opens them up to serious security risks, like supply chain attacks.
As a result, enterprises are increasingly turning to paid support options for their open source estates.
More than half of respondents consider paid support for their open source essential. As open source technologies have become critical to business infrastructure, expectations for open source software support are beginning to mirror those of commercial software standards:
Acquiring paid support for open source software makes this level of support achievable, which organizations broadly accept. On a granular level, the industries with the highest proportion that consider paid support essential are those that process sensitive or valuable data, such as manufacturing (97%) followed by financial services (96%), IT (91%) and government (92%).
The Linux Foundation’s The state of global open source reveals that enterprises are relying on open source software and perceiving its benefits. However, increasing engagement with open source communities, more structured governance of open source estates, and structured security evaluations of open source elements before adoption will help organizations to strengthen the resilience of their open source infrastructure.