January 4, 2023

The Top 4 Open Source Trends for 2023


Open source software continues to grow with thriving projects and communities. It’s an exciting space, and every year brings new tools, projects, and strategies for innovative teams to adopt.

On December 8, 2022, OpenLogic hosted a webinar predicting the open source technologies and trends to watch in 2023. The panelists were Rod Cope (CTO, Perforce Software), Javier Perez (Chief OSS Evangelist & Senior Director of Product Management, Perforce Software), and Stefano Maffulli (Executive Director, Open Source Initiative).

In this blog, Javier Perez recaps the highlights from that conversation, focusing on four key trends: 

1. Greater Security Awareness and Implementation of Best Practices for Open Source Security 

 As was the case last year, open source security will continue to be a prominent topic and area of focus in 2023. Hopefully, we won’t need another zero-day critical vulnerability like the one for the Log4j library to remind everyone how important open source security is. The awareness that open source software is at the center of our most essential infrastructure systems — from nuclear power and electrical grids to transportation and healthcare — has spurred collective action on a global scale to safeguard these entities.

Last year, we saw the launch of the Open Source Software Security Mobilization Plan with 10 streams of investment, as well as legislative initiatives such as the European Cyber Resiliency Act and the Securing Open Source Software Act (which I wrote about recently for TechCrunch+). In 2023, I believe we will continue to see more global investment in making open source more secure. 

As an extension of this, I think we’ll also see greater alignment on open source security best practices and more widespread adoption of those practices, such as requiring a Software Bill of Materials (SBOM). Generating SBOMs is an important first step to enhance software security, especially with commercial software. Like the ingredients list and nutritional information on a product you buy at the supermarket, SBOMs tell you exactly what is in the software. There will also likely be more pressure for organizations developing software (which certainly contains open source) to stay up to date with patches to address vulnerabilities and maintain higher standards for IT compliance, both internally and externally. 

More oversight is ultimately a good thing, because we all want open source to be safe and secure, given how widely used it is across all industries. But enterprise IT and dev teams should be prepared for more scrutiny, which might mean getting long-term support for any end-of-life software they are deploying (e.g., CentOS, AngularJS), and planning software upgrades and migrations to protect their business-critical applications.

2. Enterprises Becoming More Mature and Strategic With Open Source Software  

In last year's State of Open Source Report, 77% of respondents indicated that they had increased their use of open source in the previous year; in this year’s report, that number grew to 80%. And one of the top reasons driving OSS adoption is the ability to contribute and influence the direction of open source projects. It’s no longer just about saving money or being able to improve innovation and development velocity; adopting open source has become a much more strategic choice from a business perspective.  

In 2023, I feel confident predicting that organizations are going to become more strategic and sophisticated in how they implement open source, which will take shape in a few ways: 

  • Creating an Open Source Program Office (OSPO) as a centralized virtual office for all aspects of open source operations, from setting guidance and compliance, to training and promoting open source community engagement 
  • Appointing someone at the executive level to lead OSS strategy and security and to oversee legal compliance around open source licensing (i.e., a Chief Open Source Officer, or COSO, in addition to a CISO and CTO) 
  • Contributing to open source projects as a means of gaining expertise (eliminating skill gaps) and strategically exerting influence 

Every year, we see more and more organizations mature from being merely consumers of OSS to contributors and even leaders in the space. So don’t be surprised if you start seeing Chief Open Source Officer titles appearing on LinkedIn in 2023! 


It’s always hard to make predictions about AI/ML/DL because the landscape shifts so quickly; it feels like the field changes radically from one day to the next. The one thing we can be sure of is that the technology is moving faster than both policy and public opinion, and those may need time to catch up.  

The exciting leaps forward in AI/ML/DL in the past year have raised some thorny issues. And open source is a part of the conversation, as much of the tooling used to ingest data and train ML and DL models is open source, as is the infrastructure that hosts AI/ML/DL; for example, Apache Spark and some data sets are also available with open source licenses. I also expect to see more competition from open source options in the hardware space, which today is dominated by NVIDIA.

There is also a lot of debate over data and the intellectual property rights of artists and creators whose work is being used to train models that then generate “new” work. Should that be legal? Should artists be compensated as the source or inspiration of new AI-produced content?

Along similar lines, GitHub’s AI-assisted Copilot uses models trained with natural language and billions of lines of publicly available source code to suggest code for developers, but software developers and lawyers are still weighing in on whether it violates the rights of those who posted code under different open source licenses that require attribution, or whether it’s just piracy by copying code. Other offerings in the same space include Amazon CodeWhisperer and IBM's Project CodeNet.

I don’t think we’ll resolve all these issues regarding AI ethics and licensing in 2023, but there’s going to be more awareness and improvements in the tooling. Hopefully, we’ll get closer to a consensus on the best way to address these challenges.  

4. Increased Adoption of CentOS Alternatives and OpenSearch  

I always like to forecast which technologies will become more prominent in the coming year. A few years ago, I correctly predicted an uptick in Kubernetes adoption coinciding with the rise of container-based microservices architectures.  

Given that CentOS 6 and CentOS 8 are already EOL and CentOS 7 is coming to a close, I think more organizations will make the switch to Enterprise Linux alternatives like Rocky Linux and AlmaLinux. Some, of course, are moving to CentOS Stream, which is an active rolling release more suitable to development and testing environments.  

I also believe that OpenSearch, an open source fork of previous versions of Elasticsearch and Kibana that debuted in 2021, will become as popular as Elasticsearch. In 2023, I think we’ll see OpenSearch usage reach basically the same levels as Elasticsearch.    

For more details on these four trends and other insights about where open source is headed, you can watch the full presentation here:

 
