Tidelift

Annotate licenses

Document security-policies

Track and communicate package dependencies

Update packages regularly

Remediate vulnerable code artifacts

Implement sufficient code peer review

Implement a dependency update tool

Implement two-factor-authentication

Annotate licenses

Document security-policies

Track and communicate package dependencies

Update packages regularly

Remediate vulnerable code artifacts

Implement sufficient code peer review

Implement a dependency update tool

Implement two-factor-authentication

The Tidelift guide to managing open source

Want to understand the best practices for responsibly using open source components in your organization?

Maintainer spotlight! Ned Batchelder

In this episode we’re shinning our maintainer spotlight on Ned Batchelder.

Cooking with Tidelift

With many people quarantined at home with their families during the pandemic, we thought it might be fun to tell the story of how the Tidelift Subscription works—as a children's book.

The 2020 Tidelift managed open source survey

We highlight nine of the most interesting revelations that help us understand how to make open source work even better for development teams and the organizations they work within.

A demo of the Tidelift Subscription

Watch an on-demand demo of the Tidelift Subscription.

Free as in Friday: Episode 3

Luis and Josh chat with Jorge Castro, who currently works as a community manager Arrikto, and has previously worked at VMWare and Docker.

Upstream

A free one-day celebration of open source, the developers who use it, and the maintainers who create it

Free as in Friday: Episode 5

Luis and Josh lead a discussion with three folks (staff, advisor, and grantee) from the Chan-Zuckerberg Initiative Open Science work.

Free as in Friday: Episode 4

Luis and Josh have a conversation with A conversation with Dorothy Howard and Stuart Geiger of UCSD.

The 2021 Tidelift open source maintainer survey

In early 2021, Tidelift fielded its first-ever comprehensive survey of open source maintainers.

Supporting Python open source projects and maintainers

How do you define open source software? What are the challenges an open source project and maintainers face?

We ask a lawyer about GitHub Copilot

Luis Villa of Tidelift joins the show to discuss GitHub Copilot and the implications of an AI pair programmer from a legal perspective.

Best practices for safely and effectively building enterprise software applications with open source

Guest speaker IDC Research Director Jim Mercer shares insights from recent IDC research into how organizations can safely and effectively use open source for building applications.

How to generate an SBOM with Tidelift

Tidelift solutions architect Sean Wiley shows how to demonstrate a software bill of materials (SBOM) with Tidelift.

The 2022 open source software supply chain survey report

Tidelift fielded our annual survey of technologists—including software developers, engineering executives and managers, architects, and devops pros—who build applications with open source.

Software + People: An optimistic (and practical) way forward for the open source software supply chain

Tidelift CEO Donald Fischer gives a talk entitled Software + People: An optimistic (and practical) way forward for the open source software supply chain at Tidelift's annual conference, Upstream.

Tidelift named Gartner® Cool Vendor™

Tidelift named a Cool Vendor in the May 2022 Gartner Cool Vendors in Software Engineering

The importance of a sound open source supply chain management strategy

As part of an open source software strategy, organizations are increasingly hosting curated OSS package management and artifact repositories internally to mitigate risk and reduce developer friction.

Case study: urllib3

Secure development practices and Python supply chain impact

Tidelift reference architecture

A technical explanation of all the functionality included in the Tidelift Subscription

Case study: Distributive

How Distributive uses Tidelift to maximize the security and resilience of its open source application components

How to navigate impending open source software security requirements

Open source security is a top, unavoidable priority in 2023. Thanks to the front page press surrounding critical vulnerabilities like Log4Shell and SolarWinds, governments around the globe are taking action.

Predictions: What does open source software supply chain security look like in 2023?

Join Tidelift co-founders Donald Fischer and Luis Villa and Red Monk analysts Stephen O’Grady and Rachel Stephens as they dove into their 2023 open source software supply chain security predictions.

How the maintainers of urllib3 keep the project secure and healthy (and why you should care)

Tidelift VP of Product Lauren Hanford sits down to chat with Seth Larson about all the systems and processes Seth and the team has put into place to keep urllib3 happy and healthy for all those millions of Python dependencies.

How to navigate impending open source software security requirements. RSVP now! 🗺️

Maximize the health and security of theopen source powering your applications

A proactive approach to managing open source

Backed by Tidelift and our maintainer partners

Government open source cybersecurity resource center

OPEN SOURCE MANAGEMENT FOR LEADING ORGANIZATIONS

The Tidelift Subscription

Key benefits of the Tidelift Subscription

Improve visibility

Improve decision-making

Improve governance

Improve resilience

Learn how to improve open source software supply chain resilience

Tidelift partners directly with maintainers to ensure their projects meet critical industry standards

KEY ENTERPRISE STANDARDS INCLUDE

Resources to get you started