At OCX, Eclipse Foundation’s Open Community Exchange conference, attendees met to discuss the Eclipse Foundation and what it means to be an open-source developer. The Eclipse Foundation leans heavily towards organizations that develop open source, not the individual developer. Corporate sponsors included Huawei (showing their open-source Oniro OS and Canjie development language for mobile), SAP, and RedHat. The consistent theme throughout discussion of funding models, regulation, AI, and the health of individual open-source projects is that businesses continue to rely heavily on open source.

Funding And The Vendor-Neutral Vendor

The biggest announcement at OCX was not a new tool. Instead, it was a new model for its future existence. Mike Milinkovich, Executive Director of the Eclipse Foundation, announced that OpenVSX is now available as a product. This comes from Eclipse Theia, a modern IDE and framework which incorporates parts of Visual Studio Code, and particularly its plugin framework.

Microsoft prohibits other VS Code forks from using Microsoft’s plugin registry, so everyone else — almost every AI tool that has a forked VS Code IDE — has been using Theia’s plugin registry. Now, open-source projects are rate-limited but can use the plugin registry for free, while commercial products can opt for a paid version with commercial support, increased limits, and SLAs. AWS, Google, and Cursor are OpenVSX’s first customers. Even though AI may relegate the IDE to a tool for inspection and debugging, it’s likely that developers will continue to want to run their AI CLI tools inside IDEs. As long as VS Code is the environment of choice, Eclipse Foundation has a source of funds for its endeavors.

Regulations And Open Source: The CRA Has Everyone Nervous

One track of the EU-centered OCX 2026 focused on compliance. When the first draft of the EU’s Cyber Resilience Act (CRA) first came out in 2022, open-source developers saw disaster, and said so. The EU and its member states, though, are lagging as the September deadline for mandatory reporting of critical vulnerabilities and incidents looms. Milinkovich jokingly opened the panel with, “The CRA is rolling out, where’s my frickin’ standards?”  The EU and national representatives of the CRA, Maika Föhrenbach and Johan Klykens, had few concrete answers.

It’s still unclear if nonprofit open-source stewards take on liability, or even if they’re economic actors as defined by the CRA. Föhrenbach emphasized the CRA was intended to mitigate rather than transfer risk. For now, any organization doing business in Europe should adhere to the spirit of current draft standards. Expect official guidance to come late and keep processes updated as the standards evolve.

Open Source, AI, And Copyright

It wouldn’t be a technology conference in 2026 without a talk about AI. Dr. Lina Böcker, Partner/Lawyer at Osborne Clarke, gave an excellent presentation on AI and copyright with a focus on the EU. When she asked how many developers were using AI already, almost all in attendance raised their hands. Böcker suspected the GPL would probably stand in the EU, meaning some models might be derivative works. In the end, she gave no easy answers but several recommendations: Developers should use deduplication filters and code scanners. Be clear about what’s human and what’s AI. And avoid tools based on conflicting licenses (for instance, an MIT licensed tool with a Llama model license).

Health Of Open-Source Projects

Another track focused on the open-source projects themselves. A study from Bosch identified predictors for successful open-source projects. In the lead were licensing and community-related files like CONTRIBUTING.md. Contributor count and trend-based metrics were secondary, while committer counts, active maintainers, and specific templates for PRs and codes of conduct lagged. A second presentation described how the Eclipse security team used Otterdog to ensure every new Eclipse project conforms to enterprise security standards. Companies spinning up GitHub repos with no guardrails today should investigate how Otterdog keeps things secure.

OCX 2026 shows the future of enterprise open source: professional, prescribed, predictable, and profitable. It may lack the youthful exuberance of the early days of the open-source movement, but businesses prefer outcomes to romance.

If you’re a Forrester client who wants discuss the business impact or strategy of open source, schedule an inquiry or guidance session with me.