This has been an extraordinary year for open source software. From groundbreaking advancements in programming tools to heated debates on the future of licensing and standards, the open source ecosystem continues to evolve at an unprecedented pace.
With 2025 approaching, it’s an ideal time to reflect on where we’ve been and where we’re heading. Here are my thoughts, predictions and hot takes for the year ahead, covering what I’m most bullish about and where I foresee stagnation or setbacks.
A Defining Year for Rust in the Kernel
Rust’s inclusion in the Linux kernel has been a long time coming. Back in April 2021 when I was at Google, I partnered with ISRG to formally support Rust for Linux by providing Miguel Ojeda with a contract to work on the project and other memory-safety efforts full time.
I firmly believe that funding this type of work isn’t enough; you need the full-time commitment from accomplished engineers like Ojeda to be successful. That investment paid off: 2024 was the year Rust in the kernel finally hit the mainstream. Drivers are now being written in Rust, and the momentum is undeniable.
Looking ahead, 2025 could see an explosion in Rust’s adoption for kernel development. Rust’s focus on memory safety, performance and its modern programming model makes it an ideal choice for a new generation of kernel programmers.
Memory safety alone could prevent countless vulnerabilities, a perennial concern in low-level system programming. The Linux community has already begun embracing Rust’s potential and Google is experimenting with Rust in critical projects, so we should expect more organizations to follow suit as they recognize the benefits of integrating Rust into their software stacks.
jj and uv: Two Two-Letter Tools to Watch
Two emerging tools I’m excited about for 2025 are jj and uv. Both are poised to redefine their respective domains.
Jujutsu (jj) is a new version control system that cleverly balances compatibility with git while introducing a far more intuitive mental model for branching, changes and diffs. I’ve been a proponent of git and its dominance has been great for the community, but its steep learning curve and esoteric concepts such as directed acyclic graphs (DAGs) and Merkle trees can be daunting for many developers.
Jujutsu reimagines version control with a simpler and more user-friendly approach. Developers accustomed to git will appreciate jj’s interoperability, while newcomers will find it much easier to learn and use. By the end of 2025, I predict jj could capture a double-digit share of git usage due to its appeal to teams frustrated by git’s complexity.
Unified Python Package Management (uv) unifies all the best parts of all of the existing Python tools. Python developers have long struggled with a fragmented ecosystem of package managers, virtual environments and dependency tools. Unifying these disparate solutions into a single, cohesive experience, uv manages virtual environments, package dependencies, tools and even Python versions seamlessly.
In just its first year, uv has gained significant traction among developers, offering a much-needed modern replacement for tools like pip, venv and pyenv. I’m betting that uv will achieve 40% adoption in 2025, transforming the way Python projects are managed and paving the way for smoother workflows.
SBOMs, Fair Source and Wasm: Not Going to Happen
While I’m optimistic about many aspects of open source, there are a few trends I don’t see gaining traction next year.
- SBOMs will continue to be stuck in regulatory limbo. Software bills of materials (SBOMs) continue to be a hot topic in cybersecurity policy, but their real-world impact remains limited. Despite regulatory pushes, SBOMs often feel like checkbox compliance exercises that add little value to actual vulnerability management. Unless the U.S. government and other stakeholders shift their focus to more impactful initiatives, SBOMs are unlikely to see any significant adoption in 2025.
- Fair source will be a non-starter for open source communities. The fair source licensing model, which imposes restrictions on commercial use, might gain traction among companies transitioning away from traditional open source. However, it’s unlikely to foster meaningful community engagement or adoption by major projects. Fair source simply doesn’t align with the ethos of open source, and I don’t see it gaining significant momentum in 2025.
- Server-side Wasm is overengineered and overhyped. While WebAssembly (Wasm) shows promise for browser-based and plugin use cases, its adoption on the server side remains lackluster. The objections to WASI’s component model and governance issues within the Bytecode Alliance have stymied progress. Containers and serverless platforms remain the go-to choices for most developers, and I don’t see server-side Wasm achieving critical mass in 2025.
Open Source’s Resiliency
What else will this year hold? Well, no one should be surprised when we experience another xz utils-style security incident. The discovery of vulnerabilities in widely used utilities like xz utils reminded us of the risks inherent in open source. Unfortunately, similar incidents are almost inevitable as the attack surface of open source projects continues to grow. That’s why this year, companies will continue to invest in software supply chain security.
We’ve seen time and time again that the open source ecosystem is resilient. In the face of attacks and despite ongoing debates about sustainability, open source isn’t going anywhere. While dissidents will always voice concerns about companies profiting from free software, 2025 promises to be another dynamic year for open source.
The rise of Rust, jj, and uv highlights the ongoing innovation within the community, while the tempered expectations around SBOMs, fair source and server-side Wasm remind us that not every trend will pan out.
One thing is certain: Open source will continue to be a driving force in technology, shaping the future of software development for years to come.
The post Rust Will Explode, SBOMs Will Be Duds: Open Source Predictions appeared first on The New Stack.