The State of Open Source Software in 2024
February 21, 2024

Stephen Feloney
Perforce Software

According to the 2024 State of Open Source Report — from Perforce in collaboration with the Open Source Initiative and the Eclipse Foundation — 95% of respondents say that they have increased or maintained their use of open source in 2023 (33% of those significantly so).


Source: Perforce(link is external)

As for the 5% who reduced their OSS, they were predominantly from early-stage startups. The most significant growth was reported among respondents in Latin America, Asia, Africa, and the Middle East, although all regions expanded open-source adoption.

Databases and data technologies received the most investment among all open-source software categories at 35%.

The next two largest categories are programming languages and frameworks, and cloud and container technologies, both at 31%.

Further analysis of the results revealed that it is particularly large enterprises that are investing in the latter category, while small to mid-sized firms are allocating more to data technologies.

This year, reducing cost is the top reason for choosing open source at 37%, access to functionality to improve development velocity (31%), stable technology with long-term community support (28%), and access to innovations and technologies (27%).

This shift towards cost reduction is a marked shift from previous years when this reason lagged behind those other drivers and probably reflects the economy and global instability.

Challenges

The continued skills shortage and pressurized budgets, leading to less available time and the inevitable focus on prioritizing daily firefighting, are also apparent, with 38% having challenges relating to the team's OSS skills, experience, and proficiency. Only 16% claimed not to lack open-source skills, and that response was predominantly from small organizations with under 100 employees or early-stage startups. 40% also have concerns over the lack of high-level technical support.

Organizations are taking steps to address the lack of skills, whether in-house or with help from third parties. For example, over 45% are investing in internal or external training, 38% are hiring experienced professionals, and almost 29% are hiring external contractors or consultants. Organization size (and budget) probably plays a role here, as 50% of the largest enterprises are outsourcing talent, whereas medium to large organizations prefer to provide internal or external training to address skill gaps.

Dealing with the skills gap cannot happen quickly enough, given some of the other significant challenges the survey reveals. When asked about their biggest open source support problem, 79% cited maintaining security policies and compliance, followed by staying current with updates and patches at 70%.

Open-source security tools could help alleviate some of these problems, but investment in these was only quoted by 15%, with primarily single-digit usage of the most popular open-source security tools.

EOL Software Is Still a Problem

In addition, End of Life (EOL) software is still being used extensively, and this can contribute to security issues. Unsupported EOL software that is not being patched internally or via a third party can create vulnerabilities that hackers can then exploit. 42% admit that maintaining EOL software is challenging.

That said, 40% scan open-source software for vulnerabilities, indicating that the use of open-source software is maturing.

Other examples of maturity include:

■ 37% having experts in different open-source technologies.

■ 29% contribute to open source projects or foundations, and the same percentage develop new open source software in public git repositories.

■ 21% generate software bills of materials (SBOMs).

■ 19% have a legal team familiar with open-source licensing.

So, while there are still some substantial challenges to overcome, it is encouraging to see that there is awareness of these, plus a greater appreciation of how open source has become a mainstream part of technology, increasingly an integral part of how organizations operate.

Stephen Feloney is VP of Products - Continuous Testing at Perforce Software
Share this

Industry News

May 01, 2025

Check Point® Software Technologies Ltd.(link is external) announced that its Quantum Firewall Software R82 — the latest version of Check Point’s core network security software delivering advanced threat prevention and scalable policy management — has received Common Criteria EAL4+ certification, further reinforcing its position as a trusted security foundation for critical infrastructure, government, and defense organizations worldwide.

May 01, 2025

Postman announced full support for the Model Context Protocol (MCP), helping users build better AI Agents, faster.

May 01, 2025

Opsera announced new Advanced Security Dashboard capabilities available as an extension of Opsera's Unified Insights for GitHub Copilot.

May 01, 2025

Lineaje launched new capabilities including Lineaje agentic AI-powered self-healing agents that autonomously secure open-source software, source code and containers, Gold Open Source Packages and Gold Open Source Images that enable organizations to source trusted, pre-fixed open-source software, and a software crawling and analysis engine, SCA360, that discovers and contextualizes risks at all software development stages.

April 30, 2025

Lenses.io announced the release of Lenses 6.0, enabling organizations to modernize applications and systems with real-time data as AI adoption accelerates.

April 30, 2025

Sonata Software has achieved Amazon Web Services (AWS) DevOps Competency status.

April 29, 2025

vFunction® announced significant platform advancements that reduce complexity across the architectural spectrum and target the growing disconnect between development speed and architectural integrity.

April 29, 2025

Sonatype® introduced major enhancements to Repository Firewall that expand proactive malware protection across the enterprise — from developer workstations to the network edge.

April 29, 2025

Aqua Security introduced Secure AI, full lifecycle security from code to cloud to prompt.

April 29, 2025

Salt Security announced the launch of the Salt Model Context Protocol (MCP) Server, giving enterprise teams a novel access point of interaction with their API infrastructure, leveraging natural language and artificial intelligence (AI).

April 28, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of in-toto, a software supply chain security framework developed at the NYU Tandon School of Engineering.

April 28, 2025

SnapLogic announced the launch of its next-generation API management (APIM) solution, helping organizations accelerate their journey to a composable and agentic enterprise.

April 28, 2025

Apiiro announced Software Graph Visualization, an interactive map that enables users to visualize their software architectures across all components, vulnerabilities, toxic combinations, blast radius, data exposure and material changes in real time.

April 24, 2025

Check Point® Software Technologies Ltd.(link is external) and Illumio, the breach containment company, announced a strategic partnership to help organizations strengthen security and advance their Zero Trust posture.