83% of organizations see value in adopting open source, but report major gaps in security and governance

A new Linux Foundation report reveals how organizations worldwide are adopting, using, and perceiving open source software.

The Linux Foundation’s latest report, The state of global open source, has just been released in collaboration with Canonical. The report follows the Linux Foundation’s European spotlight report, released earlier this year, and confirms that many of the trends the European spotlight report unveiled are true on a global scale. In particular, the global spotlight report confirms the role of open source software as the foundation of business-critical systems worldwide, and indicates a continued increase in adoption. However, organizations continue to lack the governance, security testing, and strategic maturity required to manage open source strategically and securely. 

The report suggests that most organizations expect enterprise-grade performance from open source software, but under-invest in the required governance frameworks, security practices, and community engagement. 

83% of organizations acknowledge open source is valuable to their future

According to the report, the trend of increasing open source adoption in the enterprise is set to continue, as 83% of enterprises consider open source software adoption valuable to their future. Likewise, the report reveals the centrality of open source software to the modern enterprise. Globally, enterprises have adopted open source software throughout their technical stacks: 55% have adopted open source operating systems, whilst 49% have adopted open source cloud and container technologies, and 46% open source web and application development. 

The widespread confidence that open source will play a pivotal role in many organizations’ futures is closely connected to a growing understanding of the benefits of open source software adoption.   

86% report open source software improves productivity

This report confirms a shift in enterprises’ strategic mindset around open source: 82% of respondents considered open source as an asset that enables innovation. Historically, open source software was often reserved for specific projects or use cases, like setting up web servers – with wider organizational use being viewed with some scepticism. 

Open source is now a “must-have.” Why is this the case? Here’s what the respondents had to say: 

• 86% stated that open source improves productivity 
• 79% reported improved software quality as a result of open source
• 78% highlighted improved security

Compared to the benefits seen by organizations using open source software in 2024, 46% reported increased business value from open source over the past year. The growing interest in and use of open source technologies is particularly clear for certain technologies, like AI.

AI technologies benefit most from being open source

The growing value of open source can partly be attributed to the influence of AI. Since 2024, there has been an increase in the adoption of open source AI and machine learning (ML) applications from 35% to 40% – a rise of 5%. Globally, AI and ML were perceived to be the technology most benefiting from being open source. Code visibility ensures organizations can more easily audit their AI systems, which makes compliance simpler, provides more transparency into how the AI model functions, and enables companies to run the AI on their own infrastructure – ensuring sensitive data never leaves the organization’s control.

With growing adoption of AI and ML come new cybersecurity risks and requirements. However, the report indicates that organizations currently lack mature governance structures for their open source estates, creating additional complications to adopting AI and ML securely.

Lack of mature governance: only 34% of organizations have defined a clear open source strategy

Despite increasing adoption of open source technologies, many organizations still lack a mature governance strategy for their open source software. 

The number of organizations that have defined a clear open source strategy has grown by just 2% in the last year, to a total of 34%. That means that nearly two-thirds of organizations rely instead on informal strategies of governance of their open source estates, primarily due to budget constraints, shifting priorities and new strategic requirements. For example, when evaluating open source components for adoption:

• 44% of organizations check the activity level of the project community
• 31% use automated security testing tools
• 28% manually review the source code
• 36% evaluate the direct dependencies of the open source component

With less than half of organizations taking these important formal strategies before adoption, the report indicates that this “creates significant risk exposure and limits organizations’ ability to capture the full strategic value of open source participation,” signalling that this is a concern that organizations must take seriously.

Similarly, organizations demonstrate a lack of consensus around which security features and assurances matter to them when adopting open source components, with no single certification or assurance mechanism achieving adoption by more than a quarter of open source solutions. Almost a third of organizations (28%) don’t know which assurances would make them more likely to trust an open source solution. This opens them up to serious security risks, like supply chain attacks.  

As a result, enterprises are increasingly turning to paid support options for their open source estates. 

54% view paid support as essential for mission-critical workloads

More than half of respondents consider paid support for their open source essential. As open source technologies have become critical to business infrastructure, expectations for open source software support are beginning to mirror that of commercial software standards: 

• 71% of organizations expect response times of less than 12 hours from support providers
• 47% expect rapid security patching for open source software in production environments
• 53% expect long term support guarantees for their open source software. 

Acquiring paid support for open source software makes this level of support achievable, which organizations broadly accept. On a granular level, the industries with the highest proportion that consider paid support essential are those that process sensitive or valuable data, such as manufacturing (97%) followed by financial services (96%), IT (91%) and government (92%). 

Conclusion and recommendations

The Linux Foundation’s The state of global open source reveals that enterprises are relying on open source software and perceiving its benefits. However, increasing engagement with open source communities, more structured governance of open source estates, and structured security evaluations of open source elements before adoption will help organizations to strengthen the resilience of their open source infrastructure.