2025 Open Source Software Risk Management Predictions

Welcome to our webinar recap: “2025 Open Source Software Risk Management Predictions,” featuring insights from Russ Eling of OSS Consultants and Jon Aldama from FossID. As open source continues to dominate software development, 2025 is shaping up to be a year of both exciting innovation and evolving challenges. From the increasing adoption of AI tools to the growing pressure around compliance and transparency, teams of all sizes will potentially need to adapt quickly to keep up.

Prediction #1: AI Coding Assistants Take on More Responsibility

Last year saw a boom in AI-generated code, but many developers still treated it like a novelty, and that’s changing fast. With a 59% surge in generative AI contributions on GitHub and a 98% increase in projects overall in 2024, AI is reshaping how code is created. But this rapid growth brings new challenges, particularly in open source license compliance.

In 2025, we expect to see AI tools like GitHub Copilot and CodeWhisperer move from experimental add-ons to essential daily companions for developers. Companies will start adopting internal policies around usage, reviewing AI-generated code with more scrutiny, and exploring how these tools impact their open source license obligations. The potential is huge, but so are the legal and security implications. Most AI tools don’t disclose the origins or licenses of the code they produce, creating potential risks for organizations. As AI becomes more normalized in coding, navigating these challenges will be crucial.

Prediction #2: License Complexity Gets Crazier

Open source license landscapes are more tangled than ever. As more projects mix and match different license types, teams are left navigating a maze of obligations. This isn’t new, but it is accelerating. Developers are also starting to encounter unfamiliar or niche licenses more frequently, and companies need to understand what they’re agreeing to when they incorporate that code. In 2025, we expect more conversations about license compatibility, relicensing efforts, and how legal and engineering teams can better collaborate on license review.

Prediction #3: OSPO Meets Mid-Market

We expect to see OSPOs gaining traction with mid-sized companies. Why? Because the pressure to understand and manage open source usage is universal, whether you’re a Fortune 100 or a fast-growing SaaS company. Customers, partners, and regulators are asking questions: What open source do you use? How do you track it? Is it secure and compliant?

More mid-market orgs are recognizing they need answers. Some are spinning up lightweight OSPOs staffed by part-time legal, engineering, or security team members. Others are turning to OSPO-as-a-service solutions to gain expertise without building a full department.

According to the Linux Foundation’s 2024 State of Open Source Management report, the #1 anticipated benefit from implementing an OSPO is better awareness of open source usage and dependencies. That awareness pays off in license compliance, SBOM accuracy, and vulnerability management.

Prediction #4: License Compliance is Taken More Seriously

This might finally be the year. Between an uptick in audits, public compliance missteps, and greater scrutiny during mergers and acquisitions, license compliance is moving up the priority list for many companies.

More organizations are shifting from reactive to proactive because audits are on the rise, public compliance failures are getting more attention, and mergers and acquisitions are triggering deep due diligence.

We’re also seeing tools and processes mature. Companies are integrating license checks into their CI/CD pipelines, using SBOMs for real-time license visibility, and investing in developer education.

Prediction #5: SBOM Automation Becomes More Realistic

In 2025, we expect automated SBOM creation and maintenance to become a reality for many organizations. With more automated tools built into CI/CD pipelines, generating and updating SBOMs is becoming less painful and more accurate.

The shift is from static PDFs stored in shared drives to dynamic, living documents integrated with compliance dashboards and vendor risk platforms.

This evolution makes SBOMs not just achievable but actually useful. They can now serve as real-time records of your software supply chain, helping you respond faster to zero-days, audit requests, or customer security inquiries.

Automation won’t solve every SBOM problem, but it can significantly improve efficiency, especially for companies without dedicated OSPO staff.
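As an added example (not code from the webinar, FossID or OSS Consultants), here is the kind of license gate Predictions #4 and #5 describe: a script a CI job can run over a CycloneDX JSON SBOM to block strong-copyleft components and route unfamiliar or missing licenses to legal and engineering review. The SBOM contents, component names, and the allow/deny policy sets are constructed assumptions for illustration.

```python
# Added example (not the webinar's or FossID's code): a CI license gate that
# reads a CycloneDX JSON SBOM and fails the job on disallowed licenses.
# The SBOM below and the policy sets are constructed for illustration.
import json

SAMPLE_SBOM = json.dumps({                      # constructed, not a real project
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"name": "requests", "version": "2.32.3",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"name": "mysql-connector", "version": "9.1.0",
         "licenses": [{"license": {"id": "GPL-2.0-only"}}]},
        {"name": "vendored-lib", "version": "0.3.1",
         "licenses": [{"expression": "MIT OR LGPL-3.0-only"}]},
        {"name": "mystery-widget", "version": "1.0.0"},   # no license data
    ],
})

# Assumed policy: permissive ids pass, strong copyleft blocks, anything else
# (including a missing license) is routed to legal/engineering review.
ALLOWED = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}
DENIED = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}

def component_licenses(component):
    """SPDX ids on one component: CycloneDX allows {"license": {...}} entries
    or one {"expression": ...}; expressions are split so every id is checked."""
    ids = []
    for entry in component.get("licenses", []):
        if "license" in entry:
            ids.append(entry["license"].get("id") or entry["license"].get("name", "UNKNOWN"))
        elif "expression" in entry:
            tokens = entry["expression"].replace("(", " ").replace(")", " ").split()
            ids.extend(t for t in tokens if t not in ("AND", "OR", "WITH"))
    return ids

def check_sbom(sbom_json):
    """Return (blocked, needs_review) component names for the whole SBOM."""
    blocked, review = [], []
    for comp in json.loads(sbom_json).get("components", []):
        ids = component_licenses(comp)
        name = f"{comp['name']}@{comp.get('version', '?')}"
        if any(i in DENIED for i in ids):
            blocked.append(name)              # strong copyleft: fail the build
        elif not ids or not all(i in ALLOWED for i in ids):
            review.append(name)               # unknown, niche or missing license
    return blocked, review

if __name__ == "__main__":
    blocked, review = check_sbom(SAMPLE_SBOM)
    raise SystemExit(1 if blocked else 0)     # non-zero exit fails the CI job
```

Pointing the script at the SBOM your pipeline already generates turns the document into an enforceable check rather than a PDF on a shared drive.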

Closing Thoughts

From AI-assisted coding to mid-market OSPOs and automated SBOMs, 2025 will mark a pivotal year for open source management. The tools are getting smarter, the expectations are getting higher, and the stakes are only increasing. Whether you’re a developer experimenting with AI, a legal team wrangling licenses, or a mid-sized company building your first OSPO, one thing is clear: open source isn’t slowing down, and neither should you.
