Tidelift provides the tools, data, and strategies that help organizations assess risk and improve the health, security, and resilience of the open source used in their applications.
Tidelift partners directly with maintainers and pays them to ensure the open source software organizations rely on meets enterprise standards now and into the future.
Understand how the new government cybersecurity requirements will impact your organization
Get a complete view of open source in use across the organization, including transitive dependencies, while dynamically generating up-to-date SBOMs after every build.
Make more informed decisions with human-researched, validated, and normalized metadata from Tidelift and maintainer partners—and share them across the organization.
Centralize open source security, maintenance, and licensing policies and standards while empowering developers to self-serve from catalogs of approved components.
Validate that the components you use meet emerging enterprise standards—now and into the future—with help from Tidelift and our maintainer partners.
Tidelift analyzes and aggregates the most meaningful industry standards (from multiple sources, including NIST and OpenSSF) and pays open source maintainers to ensure their projects meet these standards.
Want to understand the best practices for responsibly using open source components in your organization?
We explain important licensing considerations for any team using open source components.
In this episode we’re shining our maintainer spotlight on Ned Batchelder.
With many people quarantined at home with their families during the pandemic, we thought it might be fun to tell the story of how the Tidelift Subscription works—as a children's book.
We highlight nine of the most interesting revelations that help us understand how to make open source work even better for development teams and the organizations they work within.
Watch an on-demand overview of the Tidelift Subscription.
Luis and Josh chat with Jorge Castro, who currently works as a community manager at Arrikto, and has previously worked at VMware and Docker.
A free one-day celebration of open source, the developers who use it, and the maintainers who create it
Luis and Josh lead a discussion with three folks (staff, advisor, and grantee) from the Chan-Zuckerberg Initiative Open Science work.
Luis and Josh have a conversation with Dorothy Howard and Stuart Geiger of UCSD.
In early 2021, Tidelift fielded its first-ever comprehensive survey of open source maintainers.
How do you define open source software? What are the challenges an open source project and maintainers face?
Luis Villa of Tidelift joins the show to discuss GitHub Copilot and the implications of an AI pair programmer from a legal perspective.
Guest speaker IDC Research Director Jim Mercer shares insights from recent IDC research into how organizations can safely and effectively use open source for building applications.
Tidelift solutions architect Sean Wiley shows how to demonstrate a software bill of materials (SBOM) with Tidelift.
Tidelift fielded our annual survey of technologists—including software developers, engineering executives and managers, architects, and devops pros—who build applications with open source.
Tidelift CEO Donald Fischer gives a talk entitled Software + People: An optimistic (and practical) way forward for the open source software supply chain at Tidelift's annual conference, Upstream.
Tidelift named a Cool Vendor in the May 2022 Gartner Cool Vendors in Software Engineering
As part of an open source software strategy, organizations are increasingly hosting curated OSS package management and artifact repositories internally to mitigate risk and reduce developer friction.
Secure development practices and Python supply chain impact
How Distributive uses Tidelift to maximize the security and resilience of its open source application components
When news of the critical vulnerability in popular Java logging tool Log4j broke, the team at EMPLOYERS® was ready.
Join us when Lauren Hanford, Tidelift VP of product, and Kanish Sharma sit down to discuss the NIST Secure Software Development Framework and share ways organizations can actually follow its guidance, specifically highlighting considerations for the open source software on which all modern software is built.
Open source security is a top, unavoidable priority in 2023. Thanks to the front page press surrounding critical vulnerabilities like Log4Shell and SolarWinds, governments around the globe are taking action.
Join Tidelift co-founders Donald Fischer and Luis Villa and RedMonk analysts Stephen O’Grady and Rachel Stephens as they dive into their 2023 open source software supply chain security predictions.