In 2025, Open Source Program Office (OSPO) is no longer a new concept. From the latest report released by Linux Foundation The 2025 State of OSPOs and Open Source Management, we can see that OSPO is gradually evolving from a pure compliance and security check role to become a strategic hub for enterprises in open source, AI, security, and culture.
The State and Trends of OSPO in 2025
The diagram below shows the current state of OSPO (Open Source Program Office) and open source management in 2025.
Open Source Security and Compliance
- 92% of OSPOs participate in open source security work.
- 42% make decisions, 50% provide advisory support.
- 49% use internal compliance processes, 36% do legal risk management, 35% do activity reporting.
Generative AI and Emerging Technologies
- 79% of OSPOs are considered effective in managing generative AI risks (65% in 2024).
- 66% of OSPOs are prepared for emerging technologies (such as generative AI, cloud-native infrastructure).
Upstream Contribution and Community Participation
- Organizations with OSPOs are 2.5 times more likely to allow upstream contributions (70% vs. 30%).
- Organizations with OSPOs are nearly 2 times more likely to encourage open source contributions (59% vs. 30%).
- 92% of academic OSPOs report that their primary outcome is improved open source skills.
Organizational Challenges
- 40% face strategic gaps.
- 35% lack executive support.
- 35% struggle to demonstrate ROI.
Positive Impact on Enterprises
- 88% of organizations believe OSPO improves software quality and security.
- 85% of organizations gain greater influence in the open source ecosystem.
- 89% of organizations see improved developer experience.
Development Trends
- The number of organizations planning to establish OSPOs within two years has grown 3 times (from 15% in 2024 to 45% in 2025).
- Improving developer experience is a key driving force.
Globally, this is a maturation stage for OSPO; for Chinese enterprises, although gaps and challenges exist, in the AI-Native era, open source and OSPO may see a new window of opportunity. This is a reason for cautious optimism.
Global Trends: OSPO Evolution
The Linux Foundation report summarizes several key trends:
- Security and Compliance Remain Core: 92% of OSPOs participate in security matters, and more are beginning to take responsibility for AI risk governance.
- Upstream Contribution Becomes Normal: Organizations with OSPOs generally encourage developers to participate in communities rather than just “using open source.”
- Enhanced Developer Experience and Ecosystem Influence: 88% of organizations believe OSPO improves software quality, and 85% believe it increases influence in communities.
- Challenges Still Exist: Difficult-to-measure ROI and insufficient executive support remain key pain points for OSPO survival and development.
This shows: OSPO has moved to the strategic level but hasn’t yet found a fully stable business and governance model.
OSPO and Open Source Practices of Chinese Leading Enterprises
Although domestic companies rarely publicly emphasize the “OSPO” organizational form, we can see shadows in open source projects and community operations:
- Alibaba: Through open source models and platforms like ModelScope and Qwen, it demonstrates an open strategy in the AI-Native era. However, its open source governance mechanisms, compliance review, and external community trust still need strengthening, as does the long-criticized “KPI-style open source.”
- Baidu: Relying on PaddlePaddle and Ernie models, it has formed an open source combination of “framework + models.” The issue is how to enhance trust and collaboration in international communities.
- Tencent: It has many open source projects at the infrastructure and tools level, but lacks a strong “open source strategy” narrative. Complex business lines make unified OSPO policies more complicated.
- ByteDance: It has some participation in the open source community and AI field, but overall transparency is insufficient. It’s more “internal governance + partial openness,” and promotion of external contributions and open source culture is still in early stages.
It’s visible that China’s big tech companies are no longer weak in “number of open source projects,” but still have gaps in institutionalized OSPO architecture, transparency, and international community trust.
Why Am I Still Cautiously Optimistic?
AI-Native Era is a Turning Point
The pace of AI development has made compliance, security, and risk management essential. Enterprises without OSPO or similar functions will struggle to healthily use and contribute to open source in the AI era.
Policy and Industry Trends Are Driving
China’s industrial policy is encouraging AI security and open source development, giving enterprises external motivation to establish OSPOs.
Lightweight Models Are Feasible
For big companies, establishing a complete OSPO isn’t difficult; for SMEs, lightweight OSPO models can be explored, starting with “compliance + internal training + upstream collaboration” and iterating gradually.
Culture Is Sprouting
Open source culture is gradually spreading in China: developers are more willing to participate in open source, and large enterprises are beginning to enhance influence through open source. This is the cultural soil for OSPO’s long-term development.
Conclusion: Cautiously Optimistic Expectations
I maintain a cautiously optimistic attitude toward OSPO development in China. Cautious, because institutionalization, transparency, and community trust still need work; optimistic, because in the AI-Native era, enterprises can hardly bypass open source and OSPO, and instead have more motivation to build and optimize it.
In the coming years, perhaps China’s large companies will gradually produce truly meaningful OSPO achievements:
- Not just the number of open source projects, but governance maturity;
- Not just technical openness, but community participation and international trust;
- Not just compliance and defense, but creating new innovation opportunities through open source.
This is what I look forward to seeing, and it’s also key to whether OSPO can mature in China.
