Resources to get you started

Tidelift briefing: What you need to know about the Log4Shell vulnerability

Mark Galpin breaks down the current Log4Shell situation and shares tips for remediating the issue. You won't want to miss this.

From Heartbleed to Log4Shell: How are things better? How are they the same?

Tidelift solutions architect lead Mark Galpin shares insights into the Log4Shell vulnerability and discusses how things have changed since Heartbleed.

Tracy Bannon from MITRE talks OSS supply chain security and how to help your overburdened dev team

For years, experts have been telling the government to take stock of the software supply chain by generating software bills of materials and defining standards and policies for use.

Webinars

Best practices for safely and effectively building enterprise software applications with open source

Guest speaker IDC Research Director Jim Mercer shares insights from recent IDC research into how organizations can safely and effectively use open source for building applications.

From Heartbleed to Log4Shell: How are things better? How are they the same?

Tidelift solutions architect lead Mark Galpin shares insights into the Log4Shell vulnerability and discusses how things have changed since Heartbleed.

Tidelift briefing: What you need to know about the Log4Shell vulnerability

Mark Galpin breaks down the current Log4Shell situation and shares tips for remediating the issue. You won't want to miss this.

Tracy Bannon from MITRE talks OSS supply chain security and how to help your overburdened dev team

For years, experts have been telling the government to take stock of the software supply chain by generating software bills of materials and defining standards and policies for use.

Guides and reports

Tidelift catalogs clean up the enterprise open source portfolio

In this Amalgam Insights report, principal analyst Hyoun Park shares how Tidelift catalogs can help enterprise organizations manage their open source portfolio.

451 Research | Pathfinder Report: Managed open source

Principal analyst Jay Lyman shares data about the increasing prominence of open source as an enterprise development and IT operations priority.

The Tidelift guide to managed open source

Want to understand the best practices for responsibly using open source components in your organization?

Surveys

The 2021 Tidelift open source maintainer survey

In early 2021, Tidelift fielded its first-ever comprehensive survey of open source maintainers.

The 2020 Tidelift managed open source survey

We highlight nine of the most interesting revelations that help us understand how to make open source work even better for development teams and the organizations they work within.

The 2019 Tidelift managed open source survey results

Eight key findings illustrating how to make open source even better for developers

Videos

A demo of the Tidelift Subscription

Watch an on-demand demo of the Tidelift Subscription.

How the Tidelift Subscription works

This 90-second video explains how the Tidelift Subscription manages your dependencies for you.

The Tidelift approach to securing open source dependencies

Want to learn more about securing your open source dependencies?

Podcasts

We ask a lawyer about GitHub Copilot

Luis Villa of Tidelift joins the show to discuss GitHub Copilot and the implications of an AI pair programmer from a legal perspective.

Supporting Python open source projects and maintainers

How do you define open source software? What are the challenges an open source project and maintainers face?

Maintainer spotlight! Ned Batchelder

In this episode we’re shining our maintainer spotlight on Ned Batchelder.

Free as in Friday, a casual chat about all things open source and technology

Free as in Friday: Episode 5

Luis and Josh lead a discussion with three folks (staff, advisor, and grantee) from the Chan-Zuckerberg Initiative Open Science work.

Free as in Friday: Episode 4

Luis and Josh have a conversation with Dorothy Howard and Stuart Geiger of UCSD.

Free as in Friday: Episode 3

Luis and Josh chat with Jorge Castro, who currently works as a community manager at Arrikto, and has previously worked at VMware and Docker.

Blogs

Donald Fischer chats with SiliconANGLE about how Tidelift can help organizations prepare for the next Log4Shell

FTC warns of legal action for failure to protect against open source vulnerabilities—here’s how you can minimize risk

Log4Shell: What your organization needs to know about the zero-day vulnerability in Log4j, and how Tidelift can help

News

These former Red Hat employees just got $25 million to try to find a new business model for open source software

Tidelift is building a new model for open source software: Airbnb for maintainers

How to accelerate development with well-maintained and secure open-source components
