Open Source Trends and Predictions for 2025
It's a new year, which is a good time to reflect on what changed in the never-boring OSS world over the past 12 months — and what 2025 might bring. Read on to see what I expect we'll be hearing and reading about this year in terms of open source trends.
Demand for More Data Sovereignty
More and more organizations are streaming and processing large data sets in realtime, for reasons ranging from observability into manufacturing processes and sentiment analysis of social media, to routing and processing financial transactions and training Large Language Models for AI applications.
Big Data technologies are complex, often requiring both specialized IT operations teams as well as infrastructure architects. As a result, many companies have turned to managed solutions in order to offload this work so their own teams can focus on the data and data analysis itself. However, many of these managed solutions have started adding non-optional features, requiring public cloud deployment, and dramatically increasing their pricing structure, often without transparency to their customers. Additionally, customers are running into compliance issues, as new regulatory requirements mandating how and where data is processed and stored are sometimes incompatible with these platforms.
Since many of these solutions are based on existing OSS technologies such as Hadoop, Kafka, and others, we expect to see companies rethinking their Big Data strategy, looking for ways to achieve data sovereignty by bringing their Big Data solutions in-house with open source software, and partnering with commercial support vendors as needed to aid in architecture and management.
The Search for the Next CentOS Continues
On June 30, 2024, we saw a milestone in the Enterprise Linux ecosystem as CentOS 7 reached end of life. While a number of commercial offerings emerged to allow CentOS users to postpone their migrations, these are short-term solutions, and eventually companies will need to migrate to new distributions.
As CentOS was itself a 1-to-1 replacement for Red Hat Enterprise Linux (RHEL), this of course remains an option. However, this ignores one of the main reasons for using CentOS: the fact that you could use it without support contracts, or contract with third parties for support, often at steep discounts over Red Hat.
Several CentOS alternatives have emerged in the past few years, including AlmaLinux and Rocky Linux, providing essentially the same 1:1 OSS counterpart to RHEL that CentOS provided. Like CentOS, these distros are community-supported, and both are relatively new, with an unproven track record of support that makes some enterprise organizations nervous.
Additionally, many businesses have become increasingly security-minded in the last few years, due to a variety of CVE announcements against OSS software as well as supply chain attacks. A freely available Linux distribution is often not enough for these companies; they also need a secure baseline image to start from in order to streamline the security measures they need to take to protect their software. While commercial solutions such as RHEL, Oracle Linux, and SUSE Linux provide these, they come at substantial cost.
All of which is to say, there is still no clear victor in the so-called "Linux Wars," but as more companies migrate off CentOS in 2025, we'll probably have a better sense of whether security or cost-effectiveness is the bigger driver, based on where they end up.
Open Source AI Enters the Next Phase
AI has become the technology du jour, replacing previously trending topics such as the metaverse and cryptography. Technically speaking, most of the technology around AI today is around Large Language Models (LLMs) and Generative AI, which use statistical models in order to determine what to do next, whether that’s completing a conversational prompt, splicing together images, or other use cases.
Generative AI models require large amounts of training, with large amounts of data — which means that it falls under the umbrella of Big Data when it comes to open source. The need to keep these processes and technologies secure and performant is paramount — and just like with Big Data, the amount of expertise is spread thin.
AI is a hugely competitive market and that's not going to change in 2025. There are a variety of toolchains already available for training LLMs and other models within Big Data pipelines, with tools such as Apache Spark, Apache Kafka, and Apache Cassandra providing key functionality used to train these models. I anticipate seeing more companies developing bespoke LLMs that directly support the products they produce, and they will use open source toolchains to do this.
Lessons From the XZ Utils Backdoor
In 2024, the security world was rocked by the discovery of a malicious backdoor in the xz utility, and attention was turned to staving off future supply chain attacks.
Supply chain attacks? But isn’t xz an open source utility?
In this particular case, an individual had used social engineering to very gradually, over multiple years, take over maintenance of the open source project producing xz. Once they had, they slipstreamed in the backdoor in a release they signed.
While many tried to decry this incident as evidence that open source software is inherently insecure (as this sort of social engineering is always a possibility), there’s another side to the coin: it was an open source packager performing standard benchmarking on a development release of an operating system who uncovered the issue. As the adage goes, many eyeballs make all bugs shallow.
One side effect of this attack was renewed interest in Software Bills of Materials (SBOMs). Organizations that are able to produce an SBOM for their software have a record of what they have installed, including the specific versions, as well as what licenses apply. This provides the ability to audit your software — or your vendor's software — for known security vulnerabilities, and to react to them more quickly. Many organizations are forming DevSecOps teams to manage building, maintaining, and validating SBOMs against vulnerability lists as part of ongoing defense-in-depth efforts.
Even better, the OSS community is stepping up to build tooling for producing SBOMs into their development chains and utilities. The Node.js community has several projects that will produce SBOMs from application manifests; PHP’s Composer project added these capabilities; Java’s Maven and Gradle each have plugins to generate SBOMs.
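To make the audit described above concrete, here is an added example (not code from the original post or from OpenLogic) that reads a small CycloneDX-style SBOM and checks each component against an advisory list with affected version ranges. The SBOM contents, the package names, and the advisory identifiers are all constructed placeholders; the field layout (`bomFormat`, `components`, `licenses`) follows CycloneDX, but nothing here is tied to a real project. It also shows the version-comparison mistake that quietly breaks many home-grown SBOM checkers: comparing version strings lexically puts `1.10.2` before `1.9.0`.

```python
import json

# Constructed CycloneDX-style SBOM fragment (sample data, not a real project's SBOM).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "example-compress", "version": "1.10.2",
     "purl": "pkg:generic/example-compress@1.10.2",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "example-http", "version": "2.4.0",
     "purl": "pkg:generic/example-http@2.4.0",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "example-json", "version": "0.9.7",
     "purl": "pkg:generic/example-json@0.9.7",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]}
  ]
}
"""

# Constructed advisory feed. Each entry names the affected package and the
# half-open version range [introduced, fixed). The ids are placeholders, not real CVEs.
ADVISORIES = [
    {"id": "EXAMPLE-2024-0001", "package": "example-compress",
     "introduced": "1.9.0", "fixed": "1.10.5"},
    {"id": "EXAMPLE-2024-0002", "package": "example-http",
     "introduced": "2.5.0", "fixed": "2.5.3"},
    {"id": "EXAMPLE-2024-0003", "package": "example-json",
     "introduced": "0.0.0", "fixed": "1.0.0"},
]


def parse_version(text):
    """Turn '1.10.2' into (1, 10, 2). Comparing integer tuples avoids the
    string-comparison bug where '1.10.2' sorts before '1.9.0'."""
    return tuple(int(part) for part in text.split("."))


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed, compared numerically."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def load_components(sbom_text):
    """Pull name, version and declared license ids out of a CycloneDX JSON document."""
    bom = json.loads(sbom_text)
    comps = []
    for c in bom.get("components", []):
        licenses = [
            entry["license"]["id"]
            for entry in c.get("licenses", [])
            if "license" in entry and "id" in entry["license"]
        ]
        comps.append({"name": c["name"], "version": c["version"], "licenses": licenses})
    return comps


def audit(sbom_text, advisories):
    """Return (component, version, advisory id) for every component whose
    installed version falls inside an advisory's affected range."""
    findings = []
    for comp in load_components(sbom_text):
        for adv in advisories:
            if adv["package"] == comp["name"] and is_affected(
                comp["version"], adv["introduced"], adv["fixed"]
            ):
                findings.append((comp["name"], comp["version"], adv["id"]))
    return findings


def licenses_in_use(sbom_text):
    """Sorted set of license ids declared anywhere in the SBOM."""
    return sorted({lic for c in load_components(sbom_text) for lic in c["licenses"]})


if __name__ == "__main__":
    for name, version, adv_id in audit(SBOM_JSON, ADVISORIES):
        print(f"{name} {version}: affected by {adv_id}")
    print("licenses in use:", ", ".join(licenses_in_use(SBOM_JSON)))
```

Run as-is, the audit flags `example-compress 1.10.2` (inside the `1.9.0` to `1.10.5` window) and `example-json 0.9.7`, while `example-http 2.4.0` is below its advisory's introduced version and is left alone. A checker that compared the strings directly would miss the first finding, because `"1.10.2" < "1.9.0"` is true in lexical order. Real SBOM tooling also has to handle prerelease tags and distro-specific epochs, which this numeric parser deliberately does not.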
Security is and will continue to be a top concern for companies using open source software, and in 2024, we saw proof that the ecosystem is helping protect them. Whether or not we will have another zero-day attack in 2025 remains to be seen, but companies are recognizing the benefit of being more proactive by embedding security best practices into their development and operations workflows and managing OSS inventory with the assistance of tools like SBOMs.
Support Your Entire Open Source Stack
Companies around the world trust OpenLogic to provide expert technical support for the open source technologies in their infrastructure, including LTS for EOL software. Let our enterprise architects tackle the toughest challenges so your developers can focus on what matters to your business.