<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=705633339897683&amp;ev=PageView&amp;noscript=1">

Resources to get you started

10 critical things to know before depending on an open source project
10 critical things to know before depending on an open source project

When pulling new open source dependencies into your application, you need to ensure you are making smart decisions that don’t open up your organization to risk. So how should you go about doing the research?

New video story: How Distributive uses Tidelift to maximize open source security and resilience
New video story: How Distributive uses Tidelift to maximize open source security and resilience

Within days of using the Tidelift application, the Distributive team found a potential vulnerability that npm-audit hadn’t, and quickly and safely fixed those issues with Tidelift’s CLI tool.

Upstream
Upstream

A free one-day celebration of open source, the developers who use it, and the maintainers who create it

Webinars

10 critical things to know before depending on an open source project
When pulling new open source dependencies into your application, you need to ensure you are making smart decisions that don’t open up your organization to risk. So how should you go about doing the research?
Defense in depth: How to use Tidelift alongside your SCA tool
Many of our customers are using Tidelift and one or more SCA tools together as part of what we call a “defense in depth” strategy, where SCA handles reactively detecting security vulnerabilities and Tidelift handles proactively improving the health and security of your open source software supply chain.
Tidelift + Medcrypt: Using SBOM data to comply with government cybersecurity regulations
Tidelift VP of product, Lauren Hanford, sat down with Medcrypt’s VP of product, Om Mahida, to review government product security requirements, in particular discussing software bills of materials (SBOMs).

Analysts

Gartner® Hype Cycle™ for Open-Source Software, 2023
Gartner’s Hype Cycle reports are meant to help understand the commercial viability of and maturity timeline of new technology trends.
The importance of a sound open source supply chain management strategy
As part of an open source software strategy, organizations are increasingly hosting curated OSS package management and artifact repositories internally to mitigate risk and reduce developer friction.
Best practices for safely and effectively building enterprise software applications with open source
Guest speaker IDC Research Director Jim Mercer shares insights from recent IDC research into how organizations can safely and effectively use open source for building applications.

Guides and reports

Tidelift guide to U.S. government cybersecurity requirements
The U.S. government is taking action to set higher cybersecurity standards. How will they impact your organization? Learn what application development teams using open source need to know about U.S. government cybersecurity guidelines and how to stay in compliance.
The Tidelift guide to managing open source
Want to understand the best practices for responsibly using open source components in your organization?
Cooking with Tidelift
We thought it might be fun to tell the story of how the Tidelift Subscription works—as a children's book.

Case studies

Case study: urllib3
Secure development practices and Python supply chain impact
Case story: Distributive
How Distributive uses Tidelift to maximize the security and resilience of its open source application components
Case story: EMPLOYERS® insurance works with Tidelift to improve technical hygiene and remediate Log4Shell vulnerability
When news of the critical vulnerability in popular Java logging tool Log4j broke, the team at EMPLOYERS® was ready.

Surveys

The 2023 Tidelift state of the open source maintainer report
Hundreds of maintainers responded with thoughts about how they fund their work, what they enjoy about being a maintainer, what they don’t like so much, along with a host of other interesting insights.
The 2022 open source software supply chain survey report
Tidelift fielded our annual survey of technologists—including software developers, engineering executives and managers, architects, and devops pros—who build applications with open source.
The 2021 Tidelift open source maintainer survey
In early 2021, Tidelift fielded its first-ever comprehensive survey of open source maintainers.

Videos

Open source management and policy compliance demo
Watch this quick demo to learn how Tidelift can help your organization generate software bills of materials (SBOMs) and implement open source usage and management standards consistently across development teams.
Tidelift validated open source package intelligence demo
Watch this quick demo to learn about Tidelift’s open source package intelligence data that is researched and validated by Tidelift and our paid maintainer partners and available via the Tidelift Subscription. Tidelift automates the data collection, curates and structures the data, and provides APIs to easily integrate with existing workflows and business intelligence tools.
Tidelift attestation data demo
This short demo will walk you through how Tidelift can help your organization attest to the cybersecurity practices of the open source components in your software supply chain and meet government compliance requirements.

Podcasts

We ask a lawyer about GitHub Copilot
Luis Villa of Tidelift joins the show to discuss GitHub Copilot and the implications of an AI pair programmer from a legal perspective.
Supporting Python open source projects and maintainers
How do you define open source software? What are the challenges an open source project and maintainers face?
Maintainer spotlight! Ned Batchelder
In this episode we’re shinning our maintainer spotlight on Ned Batchelder.

Upstream podcast

Upstream podcast E1S1: The future of open
What we got wrong about crypto, what we might get right about AI video
Open joy!: How happiness helps open happen
In this week’s episode of the Upstream podcast, Luis Villa sits with Annie Rauwerda of Depths of Wikipedia and Sumana Harihareswara, stand-up comedian and founder of Changeset Consulting.
Open and developer culture: What happened to people when software went open?
In this week’s episode of the Upstream podcast, Luis Villa sits with Kellan Elliot-McCrea of Adobe and Adam Jacon, CEO of System Initiative. Should software development teams be a team sport or an orchestra rather than a factory?
Open data: Open data: We all need you!
In this week’s episode of the Upstream podcast, Luis Villa sits with Heather Leson, digital innovation lead at the International Federation of Red Cross and Red Crescent Societies (IFRC) and Monica Granados, assistant director of open climate at Creative Commons.

Blogs

Tidelift at AWS re:Invent 2023
Tidelift at AWS re:Invent 2023
The largest problems require government collaboration: Tidelift’s response to the ONCD RFI
The largest problems require government collaboration: Tidelift’s response to the ONCD RFI
Tidelift co-founder Luis Villa talks Wikipedia, government regulations, and AI with FLOSS Weekly
Tidelift co-founder Luis Villa talks Wikipedia, government regulations, and AI with FLOSS Weekly

News

Tidelift raises $27M to secure open source supply chain
Tidelift raises $27M to secure open source supply chain
Tidelift raises $27 million in Series C funding as open source software supply chain health and security become urgent priorities
Tidelift raises $27 million in Series C funding as open source software supply chain health and security become urgent priorities
Venture Capital Deals
Venture Capital Deals