Fear of vendor lock-in is a top factor for moving to open source, up 68% this year compared to last year’s report.
MINNEAPOLIS, March 24, 2026 /PRNewswire/ — Perforce Software, the DevOps company for global teams seeking AI innovation at scale, in collaboration with the Open Source Initiative (OSI) and the Eclipse Foundation, has announced the release of the 2026 State of Open Source Report. The comprehensive report examines the global trends, priorities, and concerns impacting open source software (OSS) adoption. Based on survey responses from OSS users across organizations of all sizes and over a dozen industries worldwide, the findings reveal critical areas of maturity, opportunities for growth, and shifting attitudes around security, compliance, and sovereignty.
Key Report Findings
- Europe is moving towards OSS at a faster pace than US counterparts due to vendor lock-in concern (63% in EU and UK vs 51% in US)
- 60% of those working for large enterprises (5,000+ employees) spend 50% or more of their time on maintenance and bug fixes.
- Keeping up with security updates and patches remains the greatest challenge across all organization sizes.
- The majority of organizations that failed a compliance audit last year have end-of-life (EOL) software in their stacks, and the audit failure rate was twice as high for those running legacy versions of Tomcat, Spring Boot, and Spring Framework.
Avoiding vendor lock-in has emerged as a leading driver of open source software adoption, cited by 55% of respondents — representing a 68% year-over-year increase. The trend is particularly pronounced in the EU and the UK, where 63% of organizations identified vendor lock-in as a top reason for choosing OSS, compared to 51% in North America.
“Digital autonomy has become a strategic priority for European organizations, and it’s part of a broader push toward data sovereignty in light of increasingly strict EU regulatory requirements,” said Matthew Weier O’Phinney, Principal Product Manager for Perforce OpenLogic and the report’s lead author. “Open source provides a clear path to that independence, but it must be paired with infrastructure choices that preserve flexibility. Vendors that focus on portability — allowing customers to deploy where they choose — and deliver value instead of lock-in will be essential partners in achieving digital sovereignty.”
While the report shows that open source adoption is robust — less than 2% of organizations decreased their OSS in the past year — it also uncovers operational, security, and compliance challenges preventing some organizations from realizing its full potential.
Open Source Maintenance Overshadows Development
The report reveals that 60% of those working for large enterprises (5,000+ employees) spend 50% or more of their time on maintenance and bug fixes. For Enterprise Java teams, the imbalance is even more severe: close to one-third (31%) spend between 75 to 90% of their time maintaining and fixing, leaving only 10 to 25% for new functionalities.
“The six-month release cycle for JDK, which has also been adopted for Spring Framework, means that Java developers must upgrade more frequently,” Weier O’Phinney explained. “Additionally, Java 17 introduced a breaking namespace change that affects nearly all Java applications, which automation cannot fully correct. This shifts development focus from features to maintenance, costing companies valuable time.”
Security and Vulnerability Remediation Hurdles Remain
Keeping up with security updates and patches remains the greatest challenge across all organization sizes. 20% of organizations admit to having no specific process for addressing Common Vulnerabilities and Exposures (CVEs), while 39% of large enterprises report that meeting internal SLAs for vulnerability remediation is difficult.
Compliance Risks Linked to Legacy OSS and Lack of Planning
The majority of organizations that failed a compliance audit last year have end-of-life (EOL) software in their stacks, including CentOS and AngularJS. Alarmingly, the audit failure rate was twice as high for those running legacy versions of Tomcat, Spring Boot, and Spring Framework. Furthermore, only 16% of respondents indicated that they have a plan to address forthcoming compliance changes, like the EU Cyber Resilience Act, which is partially in effect now and will be fully enforced by the end of 2027.
“This year’s findings confirm what the open source community has long understood: the freedom to choose your own technology path is a strategic necessity. A 68% surge in organizations citing vendor lock-in avoidance tells us that enterprises are actively seeking the flexibility and independence that open source uniquely provides,” said Deb Bryant, Interim Executive Director, Open Source Initiative. “That growth reinforces why investing in the sustainability of open source projects and communities is so critical. The software can only deliver on its promise of digital autonomy if it remains well-maintained, well-funded, and truly open.”
Resources
About Perforce
The best-run DevOps teams in the world choose Perforce. Powered by advanced technology, including powerful AI that takes you from AI ambition to real results, the Perforce suite is purpose-built to handle complexity, maintain speed without compromise, and ensure end-to-end integrity across your DevOps toolchain. With a global footprint spanning more than 80 countries and including over 75% of the Fortune 100, Perforce is the trusted partner for innovation.
Harness the power of AI and accelerate your technology delivery without shortcuts. Build, scale, and innovate with Perforce—where efficiency meets intelligence.
About the Open Source Initiative
The Open Source Initiative (OSI) is the steward of the Open Source Definition, setting the foundation for the global open source ecosystem. Founded in 1998, OSI protects and promotes open source software, development and communities, championing software freedom in society through education, collaboration and infrastructure. The OSI is a 501(c)3 non-profit, and anyone interested in supporting the defense of Open Source Definitions can join today at https://join.opensource.org.
About the Eclipse Foundation
The Eclipse Foundation provides our global community of individuals and organizations with a business-friendly environment for open source software collaboration and innovation. We host the Eclipse IDE, Adoptium, Software Defined Vehicle, Jakarta EE, and over 425 open source projects, including runtimes, tools, specifications, and frameworks for cloud and edge applications, IoT, AI, automotive, systems engineering, open processor designs, and many others. Headquartered in Brussels, Belgium, the Eclipse Foundation is an international non-profit association supported by over 350 members. To learn more, follow us on social media @EclipseFdn, LinkedIn, or visit eclipse.org.
Media Contact
PERFORCE
Maxine Ambrose
Ambrose Communications
Ph: +44 118 328 0180
perforcepr@ambrosecomms.com
View original content to download multimedia:https://www.prnewswire.com/news-releases/perforce-2026-state-of-open-source-report-highlights-shift-toward-digital-autonomy-in-the-eu-302723533.html
SOURCE Perforce Software
