The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families; extending beyond cybersecurity specialists.
According to the 2024 State of Open Source Report — from Perforce in collaboration with the Open Source Initiative and the Eclipse Foundation — 95% of respondents say that they have increased or maintained their use of open source in 2023 (33% of those significantly so).
Source: Perforce
As for the 5% who reduced their OSS, they were predominantly from early-stage startups. The most significant growth was reported among respondents in Latin America, Asia, Africa, and the Middle East, although all regions expanded open-source adoption.
Databases and data technologies received the most investment among all open-source software categories at 35%.
The next two largest categories are programming languages and frameworks, and cloud and container technologies, both at 31%.
Further analysis of the results revealed that it is particularly large enterprises that are investing in the latter category, while small to mid-sized firms are allocating more to data technologies.
This year, reducing cost is the top reason for choosing open source at 37%, access to functionality to improve development velocity (31%), stable technology with long-term community support (28%), and access to innovations and technologies (27%).
This shift towards cost reduction is a marked shift from previous years when this reason lagged behind those other drivers and probably reflects the economy and global instability.
Challenges
The continued skills shortage and pressurized budgets, leading to less available time and the inevitable focus on prioritizing daily firefighting, are also apparent, with 38% having challenges relating to the team's OSS skills, experience, and proficiency. Only 16% claimed not to lack open-source skills, and that response was predominantly from small organizations with under 100 employees or early-stage startups. 40% also have concerns over the lack of high-level technical support.
Organizations are taking steps to address the lack of skills, whether in-house or with help from third parties. For example, over 45% are investing in internal or external training, 38% are hiring experienced professionals, and almost 29% are hiring external contractors or consultants. Organization size (and budget) probably plays a role here, as 50% of the largest enterprises are outsourcing talent, whereas medium to large organizations prefer to provide internal or external training to address skill gaps.
Dealing with the skills gap cannot happen quickly enough, given some of the other significant challenges the survey reveals. When asked about their biggest open source support problem, 79% cited maintaining security policies and compliance, followed by staying current with updates and patches at 70%.
Open-source security tools could help alleviate some of these problems, but investment in these was only quoted by 15%, with primarily single-digit usage of the most popular open-source security tools.
EOL Software Is Still a Problem
In addition, End of Life (EOL) software is still being used extensively, and this can contribute to security issues. Unsupported EOL software that is not being patched internally or via a third party can create vulnerabilities that hackers can then exploit. 42% admit that maintaining EOL software is challenging.
That said, 40% scan open-source software for vulnerabilities, indicating that the use of open-source software is maturing.
Other examples of maturity include:
■ 37% having experts in different open-source technologies.
■ 29% contribute to open source projects or foundations, and the same percentage develop new open source software in public git repositories.
■ 21% generate software bills of materials (SBOMs).
■ 19% have a legal team familiar with open-source licensing.
So, while there are still some substantial challenges to overcome, it is encouraging to see that there is awareness of these, plus a greater appreciation of how open source has become a mainstream part of technology, increasingly an integral part of how organizations operate.
Industry News
CodeRabbit is now available on the Visual Studio Code editor.
The integration brings CodeRabbit’s AI code reviews directly into Cursor, Windsurf, and VS Code at the earliest stages of software development—inside the code editor itself—at no cost to the developers.
Chainguard announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure.
Sysdig announced the donation of Stratoshark, the company’s open source cloud forensics tool, to the Wireshark Foundation.
Pegasystems unveiled Pega Predictable AI™ Agents that give enterprises extraordinary control and visibility as they design and deploy AI-optimized processes.
Kong announced the introduction of the Kong Event Gateway as a part of their unified API platform.
Azul and Moderne announced a technical partnership to help Java development teams identify, remove and refactor unused and dead code to improve productivity and dramatically accelerate modernization initiatives.
Parasoft has added Agentic AI capabilities to SOAtest, featuring API test planning and creation.
Zerve unveiled a multi-agent system engineered specifically for enterprise-grade data and AI development.
LambdaTest, a unified agentic AI and cloud engineering platform, has announced its partnership with MacStadium, the industry-leading private Mac cloud provider enabling enterprise macOS workloads, to accelerate its AI-native software testing by leveraging Apple Silicon.
Tricentis announced a new capability that injects Tricentis’ AI-driven testing intelligence into SAP’s integrated toolchain, part of RISE with SAP methodology.
Zencoder announced the launch of Zen Agents, delivering two innovations that transform AI-assisted development: a platform enabling teams to create and share custom agents organization-wide, and an open-source marketplace for community-contributed agents.
AWS announced the preview of the Amazon Q Developer integration in GitHub.
The OpenSearch Software Foundation, the vendor-neutral home for the OpenSearch Project, announced the general availability of OpenSearch 3.0.