Open Source Program Offices Emerge as Strategic Hubs for AI Innovation, Security and Open Source Culture

Organizations with OSPOs report stronger AI readiness, better security outcomes and greater upstream participation

Amsterdam, 25 August 2025 — Linux Foundation Research, in partnership with TODO Group, CNCF, FossID and FinOps Foundation, today released the 2025 edition of the State of OSPOs and Open Source Management research study report.

Now in its eighth consecutive year, the data reveals that OSPOs are increasingly shaping how companies respond to regulatory demands, empower developer experience and build long-term trust in their organization’s open source engagements. 

This report delivers actionable insights into how open source management is being structured, sustained, and scaled across sectors, with a focus on the distinct challenges faced by large enterprises, SMEs, and academic and research institutions.

Key Highlights from the 2025 Report

• Security at the forefront: 92% of OSPOs are involved in open source security, with 42% playing decision-making roles.
• AI governance gains ground: 79% of OSPOs are rated effective in managing generative AI risks, up from 65% in 2024.
• Upstream contribution normalized: Organizations with an OSPO are 2.5x more likely to allow upstream contributions (70% vs. 30%) and 2x more likely to actively encourage them.
• Sustained impact: 88% of organizations with an OSPO report improved software quality and security; 89% see improved developer experience.
• Institutional growth: Formal OSPOs have rebounded from 26% in 2024 to 32% in 2025.
• Academic momentum: 92% of academic OSPOs cite improved open source skills as their top impact.
• Planning ahead: The number of organizations planning to launch an OSPO in 1-2 years tripled (15% up to 45%).

The full report is now available for download!

The raw dataset, survey reference model, filter criteria and survey instrument resources are also publicly accessible via Data.World and the TODO OSPO Survey Repository to support replication, further analysis, and community-driven research.

Voices from the community

“While their traditional roles include compliance and security governance, OSPOs now play a broader role: supporting corporate business strategies, enabling cross-organizational and regional collaboration, and contributing to the resolution of social issues.”

— Yuichi Nakamura, OSPO Lead, Hitachi, Ltd.

“Compliance with the EU CRA has no doubt added to the importance of OSPOs being involved in open source security from the outset in many organizations.”

— Natali Vlatko, Open Source Lead Architect, Cisco

“The report once again underscores the substantial value that OSPOs bring to organizations by fostering upstream engagements, enhancing software quality, and driving cultural change.”

— Georg Kunz, Open Source Program Manager, Ericsson

“Sustaining an OSPO isn’t optional—it’s a commitment we actively see translate into consistent code quality, compliance, security, and innovation.”

— Brittany Istenes, Open Source Strategist, TODO Group Steering Committee and FINOS Member

“It’s encouraging to see that software quality, security, or compliance are key focuses for OSPOs, as this aligns with the focus of the wider OSS funding landscape that we see.”

— Alice Sowerby, Steering Committee Member, TODO Group

The 2025 report offers actionable insights into how organizations around the world are structuring, sustaining and scaling their open source efforts—whether they are large enterprises, SMEs or universities.

Produced in collaboration with the distribution partners CURIOSS, InnerSource Commons, Open Source Initiative and Open Source Security Foundation (OpenSSF).