
Open source savings drive adoption, but EOL packages pose risks: OpenLogic Report

Credit: Outlever
Key Points
  • The 2025 State of Open Source Report highlights widespread adoption of open source software, with 96% of organizations maintaining or increasing usage.

  • Despite cost savings, 26% of organizations run outdated software like CentOS, posing significant security and compliance risks.

  • Organizations using end-of-life software are nearly three times more likely to fail compliance audits, risking financial and reputational damage.


The future will likely trend towards more open source than software traditionally has. The advent of cloud infrastructure 1.0 drove a shift to SaaS models where the cost of a managed service was hard to ignore, and orders of magnitude over the bare metal physical software they replaced, with vendor lock-in and vendor reliance becoming a calculated trade-off.

The open source option: But now, as LLMs battle for dominance, commoditization is happening faster than ever, with companies already choosing open source alternatives that were once not possible to reasonably run. But the past shows us that not all open source is created equal. A new report serves as a stark reminder that failing to manage OSS lifecycles, particularly outdated software, can turn perceived cost savings into significant business risk. The 2025 State of Open Source Report, published by Perforce's OpenLogic division in collaboration with the Open Source Initiative and the Eclipse Foundation, paints a picture of widespread adoption shadowed by critical operational challenges, based on a survey of over 400 global IT professionals conducted between September and December 2024.

Cost savings drive adoption: The allure remains strong, with 96% of organizations maintaining or increasing their open source usage over the past year—26% significantly so. For the second year running, the primary driver cited by a clear majority (53%) is simple cost reduction, according to the OpenLogic findings. Organizations are leveraging OSS to support investments in cloud, data technologies, and containerized infrastructure.

The EOL ticking clock: Beneath the surface of adoption, however, lies a significant reliance on outdated, unsupported software—a critical vulnerability many seem unprepared to address. The report reveals that 26% of organizations—including a staggering 40% of large enterprises—are still running end-of-life CentOS Linux distributions, despite CentOS 7 hitting its EOL deadline in June 2024. Compounding the risk, a full quarter of these CentOS users admit they "don't know" what their migration plan is, and nearly 30% don't know how they'd handle a newly disclosed security vulnerability impacting the unsupported OS.

The problem extends beyond Linux, with 15% of respondents (and nearly a third of large companies) still using AngularJS, a web framework that lost support in 2022. These findings, highlighted as particularly "bracing" in analysis by The Register, point to widespread inertia in managing software lifecycles.

Compliance consequences: This isn't just technical debt; it's a compliance nightmare waiting to happen. OpenLogic's data draws a stark correlation: organizations running EOL software like CentOS or AngularJS were nearly three times more likely (41%) to report failing a compliance audit in the past year compared to the overall average (14%). In an environment where standards like GDPR, ISO 27001, and PCI DSS are paramount—and with regulations like the EU's Cyber Resilience Act kicking in—such lapses pose a direct financial and reputational threat.

Skills gap hinders progress: A major underlying factor appears to be a persistent skills shortage, preventing organizations from keeping pace. When asked why they hadn't migrated off CentOS, three-quarters (75%) of users cited a "lack of skills," according to the report. This talent deficit echoes across other complex domains: 75% named lack of personnel or skills as the top barrier to managing Big Data platforms, and over half (51%) pointed to personnel issues as the main challenge with cloud-native technologies. Overall, simply keeping up with updates and patches was rated the most challenging aspect of working with OSS, cited by 64% of respondents.

Big data, low confidence: The impact of the skills gap is particularly evident in Big Data operations, where nearly half (47%) of organizations using such technologies reported low confidence in their ability to manage them effectively, the OpenLogic survey found. This suggests that while businesses embrace powerful open source tools for strategic initiatives, they often lack the internal expertise to fully leverage or secure them, undermining the potential benefits.
