Open source use rises as firms shun vendor lock-in
Concern over vendor lock-in is driving a global surge in open source adoption, with European organisations leading the shift to digital autonomy.
Published on 26th March 2026
Perforce has released its annual State of Open Source Report, based on a survey of 715 open source users worldwide.
The findings show a sharp rise in concern about vendor lock-in as a reason for adopting open source software, with the trend most pronounced in Europe. Just over 55% of respondents cited avoiding vendor lock-in as a leading driver, up 68% year on year. In the UK and EU, 63% said it was a top reason for choosing open source software, compared with 51% in North America.
Produced with the Open Source Initiative and the Eclipse Foundation, the study examined adoption patterns, operational pressures, security patching, compliance risks, and deployment across on-premise and cloud environments.
One of the strongest regional findings centred on digital autonomy and data sovereignty. The survey suggests European organisations are moving towards open source faster than their US counterparts, as regulation and concerns about control over software and infrastructure weigh more heavily on decision-making.
“Digital autonomy has become a strategic priority for European organisations, and it’s part of a broader push toward data sovereignty in light of increasingly strict EU regulatory requirements,” said Matthew Weier O’Phinney, principal product manager for Perforce OpenLogic and the report’s lead author.
He added that open source offers a clear path to that independence, but only when paired with infrastructure choices that preserve flexibility. Vendors that prioritise portability, allowing customers to deploy where they choose, and that deliver value rather than lock-in, will be essential partners in achieving digital sovereignty.
Maintenance Burden
The survey also found that large organisations are spending substantial time maintaining existing software rather than building new products or features. Among respondents at enterprises with more than 5,000 employees, 60% said they spend at least half their time on maintenance and bug fixes.
That pressure appears heavier still for enterprise Java teams. Nearly a third, 31%, said they spend between 75% and 90% of their time on maintenance and fixes, leaving only 10% to 25% for new work.
The findings point to a widening gap between open source adoption and the resources needed to keep systems current. Frequent release cycles and software changes that demand regular upgrades are driving that burden.
Weier O’Phinney noted that the six-month release cycle for JDK, now also adopted for Spring Framework, requires Java developers to upgrade more frequently.
He added that Java 17 introduced a breaking namespace change affecting nearly all Java applications, something automation cannot fully correct. As a result, development focus shifts from new features to maintenance.
Security Pressures
Security patching remained the most commonly cited challenge across organisations of all sizes. In the survey highlights, 38% said security patches and updates were their biggest open source challenge, ahead of installations, upgrades, and configurations at just over 29%. Technical support ranked third at just under 29%, up 21% year on year.
The report also found that 20% of organisations had no specific process for dealing with Common Vulnerabilities and Exposures. Among large enterprises, 39% said meeting internal service level agreements for vulnerability remediation was difficult.
Compliance risks also featured heavily. Among organisations that failed a compliance audit in the past year, 55% were using end-of-life software, underlining the risks tied to unsupported products and older software stacks.
Audit failure rates were reportedly twice as high for organisations running legacy versions of Tomcat, Spring Boot, and Spring Framework. End-of-life products still in use also included CentOS and AngularJS.
Planning Gap
The report suggests many organisations have yet to prepare for tighter compliance rules. Only 16% of respondents said they had a plan in place to address forthcoming compliance changes.
That gap comes as businesses face a mix of operational and governance demands tied to open source use, from patching and upgrades to proving software provenance and support status during audits.
Despite those pressures, open source adoption appears resilient. Fewer than 2% of organisations said they had reduced their use of open source software over the past year.
Deb Bryant of the Open Source Initiative said the figures reflected a broad strategic shift in how organisations view control over their technology choices.
“This year’s findings confirm what the open source community has long understood: the freedom to choose your own technology path is a strategic necessity. A 68% surge in organisations citing vendor lock-in avoidance tells us that enterprises are actively seeking the flexibility and independence that open source uniquely provides,” said Deb Bryant, interim executive director of the Open Source Initiative.
She added that this growth reinforces the need to invest in the sustainability of open source projects and communities. Open source can only deliver on the promise of digital autonomy if it remains well maintained, well funded, and truly open.
Source
Image Credit
Asih Wahyuni via Vecteezy