Open source consumption has outpaced the governance programs built to manage it. As AI coding assistants become standard in developer workflows, the gap between what enters your environment and what your security team can actually govern is widening fast.
The data from our commissioned IDC Analyst Brief reflects that gap:
- 72% of organizations experienced a direct impact from a community-supported open source software-related vulnerability or compromise in the past year
- 97% of organizations report some level of AI coding assistant use in daily developer workflows, introducing a dependency intake channel most governance programs don’t yet account for
- 48,000+ CVEs were disclosed in 2025 against a backdrop of nearly 10 trillion open source package downloads in the same year

This ActiveState-sponsored IDC Analyst Brief reveals where open source software governance is breaking down and what leading teams are doing differently in 2026.