Challenges Facing Open Source Adoption and Growth

Open source is running into a new challenge. AI can now generate code faster than maintainers can review it. I call this Slopen Source. Coding agents make it easy to produce pull requests, but they do not bear responsibility for maintaining the codebase, understanding architectural decisions, or protecting long-term quality. The burden shifts to maintainers, who must verify and support code that contributors may not fully understand. In this article, I explore how this shift is affecting contribution dynamics, maintainer burnout, and how some ecosystems and platforms are starting to respond with new norms, contributor verification, stronger testing expectations, and tools designed to reduce automated pull request noise. What are you seeing in open source to improve this?

Why isn’t open source taking off in Latin America & the Caribbean’s digital public infrastructure, even when it’s free, mature, and better aligned with digital sovereignty? That’s the question I explored during my fellowship with the Digital Impact Alliance, and one I try to answer in my new paper, drawing on 15 interviews, a workshop at the 2025 UN Open Source Week, and insights from a dozen ecosystem leaders. The short answer: -It’s not a tech problem. -It’s a market problem. Policymakers in the region want OSS, but when they have to choose, the surrounding ecosystem often fails to give them the speed, clarity and confidence to move forward: -Not enough sales teams. -Limited support guarantees. -Misaligned incentives for adoption. Meanwhile, proprietary vendors are fast in getting visibility, navigating procurement and offering long-term support. So how do we close the gap? It’s time to: -Build the market layer around OSS -Align incentives across the ecosystem -Make OSS as easy to adopt as proprietary tech, without compromising openness Read the full paper here: https://lnkd.in/d6q5J5ky You should check out the incredible work from the rest of my DIAL fellowship cohort: Heather Openshaw Risper Onyango Arjun Gargeyas Kassim Vera And huge thanks to everyone who shared their time and insights over the past few months, your perspectives shaped every part of this: Abigail Garmon, Alexia Peralta, Armando J. Manzueta Peña, Arturo Muente Kunigami, Aura Cifuentes, Beatriz Vasconcellos, Chrissy Martin Meier, Ciro Avelino, Daniel Abadie, David Eaves, Gautham Ravichander, Carmelo Duran Müller, Héctor Saravia, Julia Vieira de Andrade Dias Emendabili, Kameshwari (Kamya) Chandra, Kay McGowan, Kevin Jiménez Lorenzo, Pablo Spínola Fresán, Rajagopalan Santhanagopalan, Ritul Gaur, Sarah Farooqi, Venkatesh Hariharan, and Vineet Bhandari. #OpenSource #DigitalPublicInfrastructure #LAC #DPG #DigitalSovereignty #TechPolicy

We surveyed 200+ AI founders and product leaders building AI apps—and found something surprising: Only 30% are using open source AI models to power their applications. With all the hype around open source, that stat really stood out. So, what’s holding product teams back? It’s not that open source models are bad—they’re getting better every week. According to our survey, the top challenges with open source models are: 1/ Less support and troubleshooting 2/ Higher internal overhead for managing + updating 3/ Missing key capabilities In contrast, most AI founder and product leaders are laser-focused on: 1/ Time to market with new AI features/products 2/ Cost efficiency of AI features/products at scale 3/ Engineering capacity to deliver on the above two points The industry often misses one critical point: models aren’t finished products—they’re just building blocks. And these building blocks are evolving rapidly too. For production use, they need to be scalable, low-latency, and supported with rapid iterations, ongoing bug fixes, and low inference costs, among other things. That’s why we’re seeing managed model providers like Bedrock and Fireworks emerge—they add the “product” layer on top of raw models, making them ready for real-world applications. The industry often talks about “foundation models vs. applications.” Turns out the emerging AI software stack will be a lot more nuanced though! 👇 Curious to dive deeper? Check out the full report we did with more insights here: https://lnkd.in/eJRc_7rJ

Open Source Software (OSS) in the automotive industry has often faced challenges so significant that many implementations have failed outright or fallen short of their potential. Despite its promise of innovation and collaboration, OSS adoption has struggled due to safety requirements, industry fragmentation, and security risks—leaving it to feel like it's wandering the desert for 40 years in search of relevance. Take, for instance, Automotive Grade Linux (AGL), which was envisioned as a unified, open-source platform for infotainment and automotive systems. While it gained early traction, the project became fragmented as OEMs and suppliers heavily customized the code to suit their individual needs. These forks diverged so much that they became incompatible, undermining AGL’s goal of standardization and widespread adoption. Security vulnerabilities have also been a recurring issue. In several cases, systems using third-party OSS libraries were found to contain exploitable flaws, allowing hackers to gain access to critical vehicle functions. These lapses led to vehicle recalls and significant reputational harm for the manufacturers involved, emphasizing the need for thorough vetting and ongoing maintenance of OSS components in safety-critical applications. Even the reliance on Tier-1 suppliers has turned into a double-edged sword for OSS adoption. Many OEMs tasked their suppliers with adapting open-source platforms for telematics or infotainment systems, only to find themselves locked into the supplier’s proprietary extensions. This ironic form of vendor lock-in negates the primary advantage of OSS—flexibility and independence. Autonomous platforms provide another example of stalled progress. Startups and OEMs that attempted to use OSS for perception and decision-making software encountered significant hurdles. The lack of pre-certification for safety-critical use, coupled with the enormous effort required to adapt OSS for complex real-world scenarios, led to cancellations or severely delayed projects. Even in simpler domains like infotainment, early Linux-based systems struggled. Poor user experiences and performance issues plagued these implementations, as many automakers lacked the expertise to refine OSS for consumer-ready interfaces. Customer dissatisfaction forced some OEMs to abandon or scale back Linux-based solutions entirely. These challenges underscore the steep learning curve and resource demands of integrating OSS into the automotive ecosystem. However, like those wandering the desert, the journey is not without hope. Initiatives like Eclipse SDV and renewed efforts to standardize and certify OSS components offer a glimpse of the promised land. By addressing the gaps in security, collaboration, and safety compliance, OSS could yet find its place in automotive innovation. I think the potential for transformation remains if the industry can learn from past missteps and chart a more strategic course forward. #agl #oss #automotive

💡 Emerging Challenges for Open Source Program Offices As Open Source Program Offices (OSPOs) evolve, they face several challenges. This post builds on the previous one where I presented five key challenges and highlights "emerging" challenges in key areas that OSPOs must navigate to ensure success: 1️⃣ Sustainability: Ensuring the long-term viability of open source projects and communities that your organization relies on is vital. Without sustainable contributions and resources, critical dependencies may falter. 2️⃣ Legal and Licensing: Navigating complex open source licensing models and legal implications, including compliance and managing risk, is an ongoing challenge. The rise of Generative AI and new licensing models have added complexity to this space. 3️⃣ Community Engagement: Maintaining and fostering active engagement with internal and external communities is essential. Contributors need to feel valued and heard to stay motivated and committed. 4️⃣ Inclusivity: Cultivating an inclusive environment where contributors from diverse backgrounds feel welcome is key. It’s not just about technical excellence—it’s about building a community that reflects diverse perspectives. 5️⃣ Security Management: As software security becomes increasingly critical, OSPOs face challenges in addressing vulnerabilities and managing the security of the open source supply chain—especially in light of new legislation (including #SBOM requirements) and rising cyber threats. Have I missed anything? Please comment below. Want to dive deeper into OSPO challenges and solutions? Join The Linux Foundation's TODO (OSPO) Group, an open community of practitioners dedicated to creating, sharing knowledge, and collaborating on practices to run successful OSPOs! Happy Friday! cc: The Linux Foundation Linux Foundation Europe Linux Foundation Japan TODO (OSPO) Group OpenChain Project

“At the same time, much of our modern world now relies on underfunded and rapidly expanding digital infrastructure. There has long been an assumption within open source that bugs can be identified and solved quickly by the “many eyes” of a wide community—and indeed this can be true. But when open-source software affects millions of users and its maintenance is handled by handfuls of underpaid individuals, the weight can be too much for the system to bear. In 2021, a security vulnerability in a popular open-source Apache library exposed an estimated hundreds of millions of devices to hacking attacks. Major players across the industry were affected, and large parts of the internet went down. The vulnerability’s lasting impact is hard to quantify even now. Other risks emerge from open-source development without the support of ethical guardrails. Proprietary efforts like Google’s Bard and OpenAI’s ChatGPT have demonstrated that AI can perpetuate existing biases and may even cause harm—while also not providing the transparency that could help a larger community audit the technology, improve it, and learn from its mistakes. But allowing anyone to use, modify, and distribute AI models and technology could accelerate their misuse.”

Open-source software drives innovation, speeds up development, and keeps costs low. But let’s be real… It also introduces security risks that most teams aren’t fully prepared to handle. If a single vulnerable library can put millions of devices at risk, how confident are organizations in their ability to track, manage, and secure every dependency they rely on? We’ve seen the damage firsthand. Log4Shell shook the industry, proving that one overlooked vulnerability in a widely used open-source component can lead to chaos - rushed patches, service disruptions, and massive security fallout. And that was just one example. Yet, many teams still operate without real visibility into the security of their open-source components. Updates happen too slowly, security scans lack context, and by the time vulnerabilities get prioritized or patched, they’ve already been exploited. The solution isn’t to move away from open source, it’s to secure it properly, without slowing down development. Cycode provides enterprises the highest fidelity context to identify, prioritize, and fix the software risk that matters across both proprietary and open source code without disrupting development.

OpenSSF just published an open letter from leaders of several open source organizations calling for a fundamental rethink of how we fund and sustain the infrastructure behind the projects we all rely on. It’s clearer than ever how much modern computing depends on OSS. From package managers to dependency repositories, open source quietly powers nearly everything we build. Yet today, only a handful of organizations are carrying the cost of maintaining that infrastructure for everyone. That imbalance is not sustainable, especially as CI workloads and AI-driven code generation push demand even higher. Percona is proud to be part of this community, and I believe we contribute meaningfully to it. My hope is that this serves as a reminder to other companies as well: we can’t just consume open source, we need to invest in it—financially, operationally, and culturally—so it continues to thrive for decades to come. 📖 More on the topic from Michael Vizard in DevOps.com  https://lnkd.in/e6qsBiB6