A new report is revealing that the most challenging aspect of utilizing open source projects is keeping up with updates and patches.  

According to the 2025 State of Open Source report from Perforce Software, the Eclipse Foundation, and the Open Source Initiative, when asked to rank challenges on a scale of one to five, over half of the 433 respondents ranked the following as a three or higher:

  • Keeping software updated
  • Meeting security and compliance requirements
  • Maintaining end-of-life (EOL) versions

“These three are, of course, very connected — keeping up with updates and patches and maintaining end-of-life versions are key to meeting security and compliance requirements. Every year the responses to this question remind us that it is an uphill battle for organizations to stay on the latest versions and/or have access to security updates and patches for EOL software in their stacks,” the report authors wrote. 

For example, CentOS 7 reached EOL in June 2024 and at the time the survey was conducted (between September and December 2024), 40% of the largest enterprises were still using it and it was the third most common Linux distribution. 

Further, 28% don’t have a plan in place for addressing CentOS vulnerabilities and 8% said they don’t plan to patch CentOS CVEs. Only 19% say they have an LTS vendor providing patches and 13% have an in-house team that does it.

When respondents who are using the proprietary version of open source software were asked what’s preventing them from using the open source version, 44% said it was the professional support and maintenance that comes with it. This was the most popular answer by a wide margin, with the next most popular reason—additional features and customization—coming in at 25%. 

Where open source is being used

According to the report, the top category for open source usage was cloud and container technologies, with 40% of respondents using open source software in that area. The most popular cloud native open source projects were Docker (59% of respondents using it) and Kubernetes (39%). 

Databases and data technologies were the second most heavily used open source software, at 33% of respondents. The most popular ones were PostgreSQL (51%), MySQL (37%), and MariaDB (31%).

The report found that almost half of organizations do not have a lot of confidence in their data management operations. When asked to rank their confidence in Big Data management from one to five, 47% of respondents scored themselves as two or less and less than 10% ranked themselves as a 5. 

The report found that the biggest challenge in working with open source databases or other data technologies was lack of personnel or personnel experience, with over three quarters of respondents saying so.

“For this reason, some turn to commercial, managed solutions (i.e. Cloudera), but the trade-off is cost. If the organization cannot afford the commercially managed platform, they are stuck with the operational and personnel costs of these complex stacks, often needing to fall back on less-experienced DevOps engineers or turn to outside consultants when they cannot solve problems,” the report states. 

The third most popular category for open source usage this year was programming languages and frameworks (33%), which was an increase from the previous year. The report authors believe this is an indication that more organizations are now developing open source software and not just consuming it. 

The report indicates that open source programming languages are the number one investment area for small companies with 1-20 employees, which suggests they are creating their own solutions in-house. 

The smallest organizations are also contributing to open source projects far more than larger organizations with 5,000 employees or more. Fifty-seven percent of small companies contributed compared to 25% of large companies.

“The State of Open Source Report demonstrates that big enterprises are not necessarily more mature when it comes to their open source strategy,” said Stefano Maffulli, executive director of the Open Source Initiative (OSI). “It is encouraging to see that even very small organizations are committed to not just consuming open source, but giving back to the community by contributing code and supporting OSS foundations.”