Open Source Trends and Predictions 2025 From Industry Insiders
IT leaders and industry insiders share their open source trends and predictions for 2025.
January 14, 2025
Our tech predictions for 2025 are in, and we even added some "anti-predictions" — trends that many in the IT field expect to play a significant role in 2025 but our tech experts think otherwise.
Now it's the industry's turn. With so many tech leaders and industry insiders willing to share what they believe 2025 will bring, we have broken down their predictions by category, with this article focusing on open source. ITPro Today's coverage of open source in 2024 ranged from a developer's guide to unlocking the power of open source LLMs, ways to reduce reliance on bad open source packages, and how the latest version of Java modernizes the open source language to how open source is powering 96% of modern apps.
But what do industry insiders see happening with open source in 2025? Below are their open source predictions:
OSS Will Balance Innovation with Governance Amid Rising Security Threats
We will continue to see widespread open source software (OSS) adoption coupled with increasingly sophisticated attacks on OSS by malicious actors. Organizations will continue trying to get foundational OSS governance in place, and leverage open source and commercial tools to help them start to understand their OSS consumption as well as make more risk-informed consumption of OSS. Enterprises will continue pushing for transparency from vendors regarding what OSS they use in their products, but the tug of war will go on, with no widespread mandates driving change, leaving organizations to fend for themselves when it comes to OSS governance and security. — Chris Hughes, chief security advisor, Endor Labs
Growing Convergence of AI, AppSec, and Open Source
We will see the continued intersection of AI, AppSec, and open source — from malicious actors targeting open source models, the communities and platforms that host them, and organizations looking to leverage AI to address code analysis and remediation. Increasingly, we will see widely used OSS AI libraries, projects, models, and more targeted as part of supply chain attacks on the OSS AI community. Commercial AI vendors are not immune either, as they are large consumers of OSS but often aren't transparent with customers and consumers regarding what OSS they use. — Chris Hughes, chief security advisor, Endor Labs
Tech Companies Will Increasingly Pivot to Open Source for AI Innovation
While the debate over open vs. closed continues, one thing that can't be denied is that the pace of open source community innovation will be bar none. One of the several examples in this space is how OpenTelemetry is supercharging AI observability — delivering valuable insights into GPU utilization, model and database performance. The key will be to ensure that innovation scales for the enterprise. In line with this, we can expect to see increased focus on developing governance models, investment in community engagement, and partnerships with vendors who provide enterprise-grade support for open source solutions — in this way, tech companies can harness the power of open source innovation while addressing the challenges of scale and security and ensure open source solutions are curated for enterprise consumption. — Abhinav Puri, VP of Portfolio Solutions & Services, SUSE
Open Source Will Continue to Be the Cornerstone of Observability
Open source isn't just a cost-saving strategy; it's becoming the primary vehicle for technological innovation in observability. OpenTelemetry, in particular, is transforming how organizations approach instrumentation by providing a vendor-neutral, unified approach to collecting telemetry data across different systems and programming languages. As more organizations recognize the strategic value of OTel, we'll see continued investment, deeper integrations with tools like Prometheus and Grafana, and even more widespread adoption. There are a few promising areas that OTel is poised to impact in the coming months. One is streamlined troubleshooting — as OpenTelemetry enables teams to correlate metrics, logs, and traces seamlessly, we'll see accelerated root cause analysis and improved system reliability. Another is developer productivity — as standardized instrumentation eliminates the overhead of maintaining custom telemetry solutions, teams will be free to focus on building features. And last is the creation of libraries that provide users with the observability they've been seeking, such as databases, mobile applications, profiling, among many others. — Marylia Gutierrez, staff software engineer, Grafana Labs
Expanding Threat of OSS Supply Chain Attacks
Open source software (OSS) supply chain attacks will continue to expand. Reports show that supply chain attacks have risen significantly over the last several years. Open source developers and consumers will need to be more diligent in vetting the OSS components they use. The OpenSSF provides resources like the SIREN mailing list to warn of emerging exploits, OSV to track malicious packages alongside vulnerability data, and tools like Scorecard and GUAC to enhance visibility into dependencies. — Christopher Robinson, chief security architect, OpenSSF
Global Compliance Push for OSS Responsibility
As the Cyber Resilience Act (CRA) in the EU takes effect, vendors worldwide will need to reassess their use of open source software and contribute more to the upstream community. For example, creating Software Bills of Materials (SBOMs) for the open source projects they use will help organizations in their compliance efforts. Corporations using open source software will face increased regulatory pressure to act responsibly, conducting due diligence on packages, libraries, and frameworks within their products, and supporting the developers of the open source tools they consume in commercial products. — Christopher Robinson, chief security architect, OpenSSF
Increased Scrutiny of Software by Governments
The world runs on software. Its repeated exploitation — and sometimes subversion — has made governments increasingly interested in doing something to change that. I expect the U.S. to continue to gradually develop tighter requirements, especially for critical infrastructure and government use, through continuous dialogue with developers. The EU has passed the Cyber Resilience Act (CRA), but while it's lengthy, important questions remain. I hope that the EU will clarify the meaning of the CRA by working with experts to create practical and fair requirements. — David A. Wheeler, director of open source supply chain security, OpenSSF
Geopolitics Will Complicate Open Source Collaboration That's Needed Due to Politically Motivated Threats
There will be increasing legal requirements that prevent open source collaboration across some national boundaries. This fragmentation is unfortunate, but it will be a reality. Unfortunately, some nations will start to view open source software (OSS) as a useful target instead of a useful way to collaborate, which means that OSS projects will need to increase efforts to counter malicious development. This will include more work to implement trusted publishers, reproducible builds, provenance, and other mechanisms to improve transparency. — David A. Wheeler, director of open source supply chain security, OpenSSF
2025 Will Signal the Decline of Open Source as a Business Model
2024 has been a year of reckoning in the open source space, marked by a collective community pushback against organizations and practices that undermine its foundational principles. From Elastic's recent decision to re-adopt the open source model, to the swift, coordinated launch of Valkey, the open source community has put vendors on notice that they are still very much a force to be reckoned with. So, if 2024 was the year that open source struck back, I predict 2025 will be the year that open source ceases to see traction as a business model. Things like "the open source bait and switch" — where organizations leverage open source licensing to drive adoption, only to switch to more restrictive licenses once they want to cash in — will become a thing of the past. Because of such practices, more people will realize that single-vendor support for popular OSS projects is an inherently problematic model with a waning shelf-life. Moving forward, I believe community-supported projects and those backed by community or foundation-supported projects will become the standard for OS initiatives while single-entity OS projects will fall out of favor. — Ann Schlemmer, CEO, Percona
Despite Dogged Efforts to Define OS AI, Consensus Will Remain Elusive
As the de facto stewards of all things open source, the Open Source Initiative has been working to uphold a standardized definition of the term for decades. However, with the recent explosion in AI, the waters around what is and what isn't open source have become muddier than ever before. In response, in late October, the OSI published its first standardized definition of open source AI. Nevertheless, despite more than two years of research and development — as well as a growing number of industry endorsements — consensus around the definition of open source AI still does not exist. That's why I believe we're still only at the beginning of this extremely complex and thorny pursuit. In the year ahead, I expect we will see even more discussion and debate around the topic, with open source idealists, pragmatists, and vendors alike weighing in on what it means to be open source in the Age of AI. — Ann Schlemmer, CEO, Percona
Open Source Security Takes Center Stage
As open source adoption continues to grow, organizations like the FreeBSD Foundation, Alpha-Omega Project, and Sovereign Tech Agency will double down on securing the open source ecosystem. This includes addressing vulnerabilities, improving transparency, and fortifying the software supply chain. Developers and users alike will benefit from stronger security measures and resilient infrastructure, ensuring open source remains a reliable foundation for innovation. — Pierre Pronchery, security developer, FreeBSD Foundation
Regulatory Pressures Will Intensify, with Potential Software Bans
Governments worldwide will create strict security regulations in 2025, requiring both organizations and their suppliers to follow enhanced safety standards. Some software, including open source programs with known security flaws, may face outright bans. These regulations will make organizations responsible for thoroughly evaluating their software selections and supplier partnerships as governments take steps to protect critical infrastructure and reduce system vulnerabilities. — Dr. Aleksandr Yampolskiy, co-founder and CEO, SecurityScorecard
More AI Models Will Come from Open Source Projects
Open source projects and organizations have been contributing AI models that meet the needs of the industry, making AI available to everyone, not just to organizations that can afford to pay for it. There will be more companies that offer both commercial and open source offerings. No one approach will win, just as open source and commercial software models have coexisted in the traditional software world for decades. — David DeSanto, chief product officer, GitLab
Embracing a Hybrid AI Future
In the field of AI, predicting the future is about as reliable as a weather forecast, especially in the era of large language models (LLMs). The truth is, we're headed toward a hybrid future. It's important to note that both open and closed-source models have their place, despite the popular sentiment of open source takeover. Enterprises are better off being model-agnostic. The open source vs. proprietary discourse does no good to an organization building robust solutions capturing the best of both worlds. Closed source models, developed by well-resourced companies, often push the boundaries of what's possible in AI. They can provide highly refined, specialized solutions that benefit from significant investment in research and development. — Sreekanth Menon, global head of AI, Genpact
Open Source LLMs Gain Traction in Enterprises
The adoption of open source large language models (LLMs) in enterprises is growing as companies explore alternatives to closed-vendor solutions. Many organizations value the ability to operate these models within their own environments, which is especially relevant for those handling sensitive data, especially in domains like banking and healthcare. One key advantage of open source models is the distributed responsibility they enable. They offer transparency and the ability for organizations to customize and control their AI solutions. This is particularly valuable for enterprises that need to adapt models to specific use cases or have concerns about data privacy and security. Risks associated with open source models, such as unsafe storage and unknown data exposure, further underscore the need for stringent data protection measures and data sanitization practices. For an AI enterprise, factoring in the use case under consideration, resource intensiveness of the project, transparency requirements, and timelines of the project delivery should dictate the selection of open source or proprietary models and not the other way around. — Sreekanth Menon, global head of AI, Genpact
The Open Source Reckoning — Sustainability and Commercial Viability Take Center Stage
2025 will see the continued closure, defunding, and relicensing of open source projects as the bill comes due for projects created in the Zero Interest Rate Policy (ZIRP) era. There will be a renewed focus on sustainability and commercial viability of open source, especially for critical infrastructure projects, as savvy adopters ask themselves: just how much can we truly rely on these projects to be around tomorrow? Finally, the resistance to discussing open source as anything other than an altruistic effort in selfless collaboration will start to erode, as the economic realities of paying maintainers for a free product become increasingly obvious. — William Morgan, CEO, Buoyant
Understanding Open Source Changes
Open source is one of the fastest-changing areas of the technology industry. For vendors, there is a balance between funding new open source innovations and making them easily available. For enterprises, their biggest challenge is getting to grips with the costs and effort associated with open source, and as it matures, we expect this to be a bigger area of attention. — Jim Cassens, CEO, Perforce
Open Source LLM vs. Subscription-Based: Who Will Win in 2025?
Meta changed the rules of the Large Language Model (LLM) game by open sourcing their model, Llama. Now, Meta is on track to have the most widely deployed chatbot in the world by the end of the calendar year 2024, despite OpenAI's initial leadership with ChatGPT. As the GenAI race heats up and more native artificial intelligence Independent Software Vendors (ISVs) emerge, open source models will continue experiencing exponential growth. ISVs will adopt an open source model like Llama instead of building on top of a model with a licensing fee involved. Ecosystems will form around open source LLMs, and they will gain critical mass. — Ratan Tipirneni, president and CEO, Tigera