
Maximize the health and security of the open source powering your applications

Tools to manage open source software

A proactive approach to managing open source

Tidelift provides the tools, data, and strategies that help organizations assess risk and improve the health, security, and resilience of the open source used in their applications.

open source maintainers

Backed by Tidelift and our maintainer partners

Tidelift partners directly with maintainers and pays them to ensure the open source software organizations rely on meets enterprise standards now and into the future.

Understand how the new government cybersecurity requirements will impact your organization


OPEN SOURCE MANAGEMENT FOR LEADING ORGANIZATIONS

The Tidelift Subscription


Key benefits of the Tidelift Subscription

Improve visibility

Get a complete view of open source in use across the organization, including transitive dependencies while dynamically generating up-to-date SBOMs after every build.

Improve decision-making

Make more informed decisions with human-researched, validated, and normalized metadata from Tidelift and maintainer partners, and share it across the organization.


Improve governance

Centralize open source security, maintenance, and licensing policies and standards while empowering developers to self-serve from catalogs of approved components.

Improve resilience

Validate that the components you use meet emerging enterprise standards—now and into the future—with help from Tidelift and our maintainer partners.


Tidelift partners directly with maintainers to ensure their projects meet critical industry standards

Tidelift analyzes and aggregates the most meaningful industry standards (from multiple sources, including NIST and OpenSSF) and pays open source maintainers to ensure their projects meet these standards.

KEY ENTERPRISE STANDARDS INCLUDE
Annotate licenses
Document security policies
Track and communicate package dependencies
Update packages regularly
Remediate vulnerable code artifacts
Implement sufficient code peer review
Implement a dependency update tool
Implement two-factor authentication

Resources to get you started

The Tidelift guide to managing open source

Want to understand the best practices for responsibly using open source components in your organization?

The Tidelift guide to working with open source licenses

We explain important licensing considerations for any team using open source components.

Maintainer spotlight! Ned Batchelder

In this episode we’re shining our maintainer spotlight on Ned Batchelder.

Cooking with Tidelift

With many people quarantined at home with their families during the pandemic, we thought it might be fun to tell the story of how the Tidelift Subscription works—as a children's book.

The 2020 Tidelift managed open source survey

We highlight nine of the most interesting revelations that help us understand how to make open source work even better for development teams and the organizations they work within.

An overview of the Tidelift Subscription

Watch an on-demand overview of the Tidelift Subscription.

Free as in Friday: Episode 3

Luis and Josh chat with Jorge Castro, who currently works as a community manager at Arrikto and has previously worked at VMware and Docker.

Upstream

A free one-day celebration of open source, the developers who use it, and the maintainers who create it

Free as in Friday: Episode 5

Luis and Josh lead a discussion with three folks (staff, advisor, and grantee) from the Chan-Zuckerberg Initiative Open Science work.

Free as in Friday: Episode 4

Luis and Josh have a conversation with Dorothy Howard and Stuart Geiger of UCSD.

The 2021 Tidelift open source maintainer survey

In early 2021, Tidelift fielded its first-ever comprehensive survey of open source maintainers.

Supporting Python open source projects and maintainers

How do you define open source software? What are the challenges an open source project and maintainers face?

We ask a lawyer about GitHub Copilot

Luis Villa of Tidelift joins the show to discuss GitHub Copilot and the implications of an AI pair programmer from a legal perspective.

Best practices for safely and effectively building enterprise software applications with open source

Guest speaker IDC Research Director Jim Mercer shares insights from recent IDC research into how organizations can safely and effectively use open source for building applications.

How to generate an SBOM with Tidelift

Tidelift solutions architect Sean Wiley shows how to generate a software bill of materials (SBOM) with Tidelift.

The 2022 open source software supply chain survey report

Tidelift fielded our annual survey of technologists—including software developers, engineering executives and managers, architects, and devops pros—who build applications with open source.

Software + People: An optimistic (and practical) way forward for the open source software supply chain

Tidelift CEO Donald Fischer gives a talk entitled Software + People: An optimistic (and practical) way forward for the open source software supply chain at Tidelift's annual conference, Upstream.

Tidelift named Gartner® Cool Vendor™

Tidelift named a Cool Vendor in the May 2022 Gartner Cool Vendors in Software Engineering

The importance of a sound open source supply chain management strategy

As part of an open source software strategy, organizations are increasingly hosting curated OSS package management and artifact repositories internally to mitigate risk and reduce developer friction.

Case study: urllib3

Secure development practices and Python supply chain impact

Case story: Distributive

How Distributive uses Tidelift to maximize the security and resilience of its open source application components

Case story: EMPLOYERS® insurance works with Tidelift to improve technical hygiene and remediate Log4Shell vulnerability

When news of the critical vulnerability in popular Java logging tool Log4j broke, the team at EMPLOYERS® was ready.

How the NIST Secure Software Development Framework impacts open source software

Join us when Lauren Hanford, Tidelift VP of product, and Kanish Sharma sit down to discuss the NIST Secure Software Development Framework and share ways organizations can actually follow its guidance, specifically highlighting considerations for the open source software on which all modern software is built.

How to navigate impending open source software security requirements

Open source security is a top, unavoidable priority in 2023. Thanks to the front-page press surrounding critical vulnerabilities like Log4Shell and SolarWinds, governments around the globe are taking action.

Predictions: What does open source software supply chain security look like in 2023?

Join Tidelift co-founders Donald Fischer and Luis Villa and RedMonk analysts Stephen O’Grady and Rachel Stephens as they dive into their 2023 open source software supply chain security predictions.