For years, the question of whether open source is a bane or a boon has been a subject of debate. While it offers significant advantages by democratising access to tools and technologies, open source also presents a few challenges. But where does it stand in a world dominated by artificial intelligence? Let’s find out…
According to a recent survey by Perforce, the adoption of open source technologies is clearly on the rise, driven by technology leaders who actively contribute to and support the open source community. Approximately 96% of respondents in this survey either maintained or increased their use of open source technologies. This trend is further corroborated by a McKinsey report, in which over 75% of participants confirmed an increase in their use of open source technologies.
What motivates the adoption of open source? Is it primarily driven by cost considerations, the inherent flexibility it offers, the increased control it provides, or other compelling factors? While academic and public sector entities frequently advocate open source solutions, are their reasons solely based on these apparent benefits, or are there less obvious advantages at play? Furthermore, is the decision to embrace open source a binary one, or should we adopt a more nuanced, situation-dependent approach? Let us explore and delve into these details, particularly considering evolving technology trends, including the recent GenAI revolution.
The enterprise IT landscape has come a long way—Big Data took the lead, followed by cloud, e-commerce, and now generative AI has joined the party. And it does not look like the momentum is slowing down anytime soon. But with all this innovation, we are also seeing a new wave of challenges. Stricter regulations, compliance demands, and growing concerns around data sovereignty are pushing enterprises to rethink their strategies. More and more, we are seeing a shift towards hybrid models—keeping PII (personally identifiable information) data in-house, while moving less critical data to the cloud.
Now, with the rise of generative AI and large language models (LLMs), there’s a heavy reliance on massive datasets to train these models—making data protection more important than ever. While the cloud seems like the obvious choice given the scale involved, it is not necessarily a straightforward solution when sensitive PII data is in the mix.
To address this, there are plenty of open source, in-house options that can help manage sensitive workflows securely. But is it really that simple? Or are there hidden complexities we need to be aware of? Let us dig in and find out.
The journey so far
The genesis of open source software was rooted in the academic and research spheres, a fitting origin given the limited knowledge and resources of that era. This initial focus nurtured vibrant user communities and forums, which proved to be fertile ground for its growth. Through effective discussions, seamless sharing, and collaborative development on emerging technologies, a strong foundation was laid.
The development of the UNIX operating system at Bell Labs stands as a significant milestone in the ascent of open source. While the software industry later embraced commercialisation through copyright, a parallel path of open source persevered, fuelled by dedicated focus and effort. The remarkable outcome of this enduring commitment is evident in the present landscape, where an impressive 96% of organisations are either maintaining or actively increasing their utilisation of open source software. With the active contributions of major technology players, open source has now firmly established itself as the new normal.
A deep dive into the current landscape
Today, many organisations include open source as a core component of their technology strategy, backed by well-defined policies and governance frameworks. These policies are designed to identify appropriate areas for open source adoption, establish standard operating procedures (SOPs) for implementation, and enforce guardrails to mitigate security vulnerabilities.
A critical aspect of this strategy is defining clear evaluation criteria for selecting the right open source technologies. Most organisations have a structured mechanism for this, and the key evaluation elements typically include the following.
Reputation and adoption: The credibility of the project and its community, as well as the presence of well-known organisations that use and support the technology.
Long-term sustainability: The availability of ongoing support, active user communities, and forums that can assist in troubleshooting and development challenges.
Governance model: The existence of a transparent and active governance structure with a strong leadership board. It’s important to assess opportunities for community participation—both technical and non-technical—through contributions, advocacy, and volunteering.
Technical debt and security: A review of known technical debt, including existing security vulnerabilities, along with documented plans and timelines for remediation.
In addition to these factors, it’s essential to understand the community dynamics, leadership structure, and key influencers involved in the project. Consideration should be given to how your organisation can become an active participant—potentially even an influencer—in the community, which can be crucial in steering future development and ensuring your needs are addressed.
Addressing the challenges in open source
In contrast to closed source software, which typically has established controls for development, maintenance, continuous support, and alignment with regular patches and updates, open source initially appeared less structured in these areas. This perceived lack of oversight led to scepticism among organisations regarding its widespread adoption. However, the burgeoning startup ecosystem spurred a shift as organisations sought cost-effective solutions for building products. With major players like Google and Meta actively promoting open source software, confidence grew among small and medium-sized enterprises, leading to greater acceptance.
Today, for nearly every need or problem, from everyday office tools to sophisticated large language models, an equivalent open source solution exists. In this way, open source has democratised technology, making it accessible to all and fostering greater innovation.
Furthermore, significant efforts are underway to ensure open source software maintains high common vulnerabilities and exposures (CVE) scores, with vulnerabilities being identified and patched as swiftly as in leading closed source offerings. While concerns existed about sharing extended features, permissive licensing models now largely address this by allowing organisations to protect their intellectual property.
By implementing robust internal controls through well-defined standard operating procedures (SOPs) and undergoing regular external certifications and audits like HIPAA, GDPR, ISO 27001, and SOC 2, organisations utilising open source software can effectively mitigate potential challenges
Finally, it’s important to evaluate the risks and implications should the project’s licence change or the open source initiative transition to a closed-source model in the future.
Open source in the age of AI and generative AI
Open source AI technologies, including recent LLMs such as Google’s Gemma, Meta’s Llama, Alibaba’s Qwen, DeepSeek’s V3, and Microsoft’s Phi, are rapidly advancing. These models are continuously narrowing the gap in effectiveness and performance compared to proprietary foundational models.
Since AI relies on large-scale data processing, the cloud remains the preferred choice for running these models due to the significant infrastructure requirements, including GPU-intensive workloads. However, conservative institutions like banks and government organisations often seek on-premises solutions. Open source models such as Mistral and Llama provide viable alternatives for these needs.
Efforts by platforms like Ollama further enhance accessibility by containerising LLMs, making them available for local execution across various operating systems, including Windows and macOS. Ollama simplifies deployment and installation while offering user-friendly APIs for seamless integration.
Some key advantages of running models locally through Ollama include lower latency and enhanced data privacy. A unique benefit is the consolidation of multiple open source LLMs under one framework. However, it’s important to note that these models may not always be the latest versions and often represent optimised or reduced-scale variants of broader foundational models. For applications where the scope of AI requirements is well-defined, these models can be a practical and efficient solution.
These models can also be conceptualised as small language models (SLMs), focusing on narrower use cases and leveraging optimisation techniques such as model quantization. This technique enables more efficient storage of parameters by reducing precision, utilising fewer bits instead of full floating-point representations.
Overall, open source AI is not merely catching up—it is actively leading the way, catering to organisations that prefer alternatives to cloud-based LLMs. By providing local execution capabilities, these solutions empower institutions to harness AI’s potential without compromising on control and security.
Summarising the journey
Since its inception, open source technology has evolved in a highly organic yet strategic manner, steadily earning the confidence of the broader ecosystem. This growth has been fuelled by the collaborative efforts of academia, industry leaders, research institutions, and global developer communities. Today, open source functions as a parallel innovation engine, advancing in step with transformative technologies such as generative AI.
Over time, open source has matured into a credible and secure alternative to proprietary solutions—particularly for organisations operating under strict regulatory and compliance frameworks. It has consistently demonstrated its ability to meet enterprise-grade security and governance standards, making it a compelling choice for those with concerns around processing sensitive or personally identifiable information (PII) in public cloud environments.
Importantly, the strong governance structures and mature operating models surrounding open source platforms significantly mitigate the risk of disruption—even in the event of a transition to a closed source model. These mechanisms ensure continuity, maintainability, and long-term sustainability, providing leadership with the assurance that their strategic investments will remain resilient and viable, regardless of shifts in licensing or ownership.
For organisations navigating the complexities of data privacy and cloud adoption, a hybrid architecture offers a practical and strategic path forward. By hosting non-sensitive workloads in the cloud while retaining sensitive data on-premises, enterprises can strike a balance—leveraging the scalability and innovation of cloud platforms while preserving full control over critical data assets. This hybrid approach supports both agility and governance, aligning with long-term business and technology goals.
Are organisations truly resilient enough to adapt if key open source technologies were to shift towards closed source models? That’s something to reflect on.
Note: The views expressed by the author are his own and in no way represent or reflect the views of the organisation he is associated with.
