The State of Open Source Software in 2024
February 21, 2024

Stephen Feloney
Perforce Software

According to the 2024 State of Open Source Report — from Perforce in collaboration with the Open Source Initiative and the Eclipse Foundation — 95% of respondents say that they have increased or maintained their use of open source in 2023 (33% of those significantly so).


Source: Perforce

As for the 5% who reduced their OSS, they were predominantly from early-stage startups. The most significant growth was reported among respondents in Latin America, Asia, Africa, and the Middle East, although all regions expanded open-source adoption.

Databases and data technologies received the most investment among all open-source software categories at 35%.

The next two largest categories are programming languages and frameworks, and cloud and container technologies, both at 31%.

Further analysis of the results revealed that it is particularly large enterprises that are investing in the latter category, while small to mid-sized firms are allocating more to data technologies.

This year, reducing cost is the top reason for choosing open source at 37%, access to functionality to improve development velocity (31%), stable technology with long-term community support (28%), and access to innovations and technologies (27%).

This shift towards cost reduction is a marked shift from previous years when this reason lagged behind those other drivers and probably reflects the economy and global instability.

Challenges

The continued skills shortage and pressurized budgets, leading to less available time and the inevitable focus on prioritizing daily firefighting, are also apparent, with 38% having challenges relating to the team's OSS skills, experience, and proficiency. Only 16% claimed not to lack open-source skills, and that response was predominantly from small organizations with under 100 employees or early-stage startups. 40% also have concerns over the lack of high-level technical support.

Organizations are taking steps to address the lack of skills, whether in-house or with help from third parties. For example, over 45% are investing in internal or external training, 38% are hiring experienced professionals, and almost 29% are hiring external contractors or consultants. Organization size (and budget) probably plays a role here, as 50% of the largest enterprises are outsourcing talent, whereas medium to large organizations prefer to provide internal or external training to address skill gaps.

Dealing with the skills gap cannot happen quickly enough, given some of the other significant challenges the survey reveals. When asked about their biggest open source support problem, 79% cited maintaining security policies and compliance, followed by staying current with updates and patches at 70%.

Open-source security tools could help alleviate some of these problems, but investment in these was only quoted by 15%, with primarily single-digit usage of the most popular open-source security tools.

EOL Software Is Still a Problem

In addition, End of Life (EOL) software is still being used extensively, and this can contribute to security issues. Unsupported EOL software that is not being patched internally or via a third party can create vulnerabilities that hackers can then exploit. 42% admit that maintaining EOL software is challenging.

That said, 40% scan open-source software for vulnerabilities, indicating that the use of open-source software is maturing.

Other examples of maturity include:

■ 37% having experts in different open-source technologies.

■ 29% contribute to open source projects or foundations, and the same percentage develop new open source software in public git repositories.

■ 21% generate software bills of materials (SBOMs).

■ 19% have a legal team familiar with open-source licensing.

So, while there are still some substantial challenges to overcome, it is encouraging to see that there is awareness of these, plus a greater appreciation of how open source has become a mainstream part of technology, increasingly an integral part of how organizations operate.

Stephen Feloney is VP of Products - Continuous Testing at Perforce Software
Share this

Industry News

April 11, 2024

Check Point® Software Technologies Ltd. announced new email security features that enhance its Check Point Harmony Email & Collaboration portfolio: Patented unified quarantine, DMARC monitoring, archiving, and Smart Banners.

April 11, 2024

Automation Anywhere announced an expanded partnership with Google Cloud to leverage the combined power of generative AI and its own specialized, generative AI automation models to give companies a powerful solution to optimize and transform their business.

April 11, 2024

Jetic announced the release of Jetlets, a low-code and no-code block template, that allows users to easily build any technically advanced integration use case, typically not covered by alternative integration platforms.

April 10, 2024

Progress announced new powerful capabilities and enhancements in the latest release of Progress® Sitefinity®.

April 10, 2024

Buildkite signed a multi-year strategic collaboration agreement (SCA) with Amazon Web Services (AWS), the world's most comprehensive and broadly adopted cloud, to accelerate delivery of cloud-native applications across multiple industries, including digital native, financial services, retail or any enterprise undergoing digital transformation.

April 10, 2024

AppViewX announced new functionality in the AppViewX CERT+ certificate lifecycle management automation product that helps organizations prepare for Google’s proposed 90-day TLS certificate validity policy.

April 09, 2024

Rocket Software is addressing the growing demand for integrated security, compliance, and automation in software development with its latest release of Rocket® DevOps, formerly known as Aldon®.

April 09, 2024

Wind River announced the latest release of Wind River Studio Developer, an edge-to-cloud DevSecOps platform that accelerates development, deployment, and operation of mission-critical systems.

April 09, 2024

appCD announced its generative infrastructure from code solution now supports Azure Kubernetes Service (AKS).

April 09, 2024

Synopsys announced the availability of Black Duck® Supply Chain Edition, a new software composition analysis (SCA) offering that enables organizations to mitigate upstream risk in their software supply chains.

April 09, 2024

DataStax announced innovative integrations with API extensions to Google Cloud’s Vertex AI Extension and Vertex AI Search, offering developers an easier time leveraging their own data.

April 08, 2024

Parasoft introduced C/C++test CT, a comprehensive solution tailored for large teams engaged in the development of safety- and security-critical C and C++ products.

April 08, 2024

Endor Labs announced a strategic partnership with GuidePoint Security.

April 08, 2024

Hasura announced the V3 of its platform, providing on-demand API composability with a new domain-centric supergraph modeling framework, a distributed supergraph execution engine and a rich and extensible ecosystem of open source connectors to address the challenges faced during integration of data and APIs.

April 04, 2024

DataStax has entered into a definitive agreement to acquire AI startup, Logspace, the creators of Langflow, an open source visual framework for building retrieval-augmented generation (RAG) applications.1