
Resources to get you started

The 2024 Tidelift maintainer impact report

Our annual maintainer impact report shines a light on the most current and compelling evidence of the positive outcomes organizations can achieve when they invest directly in their open source software supply chain by paying maintainers.

The Tidelift Subscription: Eliminating risk from bad open source packages

With the Tidelift Subscription, organizations can evaluate and monitor packages, eliminate bad ones, and improve overall security, productivity, and application quality.

Top findings from the 2024 Tidelift state of the open source maintainer report

We recently released this year’s state of the open source maintainer report, with 12 big headlines about the data we collected from over 400 open source maintainers. Some findings align with what we know already, but there are some new and surprising stats!

Webinars

Top findings from the 2024 Tidelift state of the open source maintainer report
We recently released this year’s state of the open source maintainer report, with 12 big headlines about the data we collected from over 400 open source maintainers. Some findings align with what we know already, but there are some new and surprising stats!
Life as a maintainer after the xz utils backdoor hack
The explosive details about the recent xz utils backdoor hack, in which a volunteer open source maintainer was manipulated over a period of years into giving commit access to their project, have sent shudders across all open source communities.
How to reduce your organization's reliance on "bad" open source packages
Watch this webinar, in which Lauren goes over ways to reduce your organization's reliance on “bad” open source packages and reviews what a “bad” open source package really means.

Analysts

Gartner® Hype Cycle™ for Open-Source Software, 2023
Gartner’s Hype Cycle reports are meant to help understand the commercial viability of and maturity timeline of new technology trends.
The importance of a sound open source supply chain management strategy
As part of an open source software strategy, organizations are increasingly hosting curated OSS package management and artifact repositories internally to mitigate risk and reduce developer friction.
Best practices for safely and effectively building enterprise software applications with open source
Guest speaker IDC Research Director Jim Mercer shares insights from recent IDC research into how organizations can safely and effectively use open source for building applications.

Guides and reports

The Tidelift guide to reducing security risk from bad open source packages
Learn how to proactively reduce security risk from bad open source packages and use open source with confidence with the Tidelift Subscription.
10 questions you should answer before using an open source project
The easiest way to avoid having to replace problematic open source dependencies is to not bring them in at all. Learn more in our newest infographic.
The Tidelift 2023 open source maintainer impact report
Hundreds of maintainers responded with thoughts about how they fund their work, what they enjoy about being a maintainer, what they don’t like so much, along with a host of other interesting insights.

Case studies

Open source security through the lens of Tidelift
Cisco’s internal development teams, using Corona enhanced with open source metadata provided by Tidelift, can now access insightful package metadata and gain additional insights into vulnerabilities.
Maintainer case study: How a lone maintainer of over 450 JavaScript packages keeps them well maintained and secure
Maintainer Jordan Harband used income from Tidelift and its customers to consistently maintain over 450 JavaScript packages during good times and bad.
ROI case study: The value of a proactive approach to open source application security
Hear from a Tidelift customer who worked with Tidelift and its maintainer partners to save time and money while strengthening the resilience of the open source powering their applications.

Surveys

The 2024 Tidelift maintainer impact report
Our annual maintainer impact report shines a light on the most current and compelling evidence of the positive outcomes organizations can achieve when they invest directly in their open source software supply chain by paying maintainers.
The Tidelift state of the open source maintainer report
More than 400 maintainers responded and shared details about their work, including how they fund it, who pays for it, and what kinds of security, maintenance, and documentation practices they have in place today or would consider in the future.
The 2023 Tidelift state of the open source maintainer report
Hundreds of maintainers responded with thoughts about how they fund their work, what they enjoy about being a maintainer, what they don’t like so much, along with a host of other interesting insights.

Videos

Monitoring and remediating risk from open source packages with Tidelift
Learn about how development teams can use Tidelift to minimize rework, boost productivity, and increase application resilience, by helping teams monitor and remediate risk from the open source in use at their organization.
Paying maintainers to improve their project’s security practices (the urllib3 story)
With support from Tidelift, urllib3 maintainers have been able to improve security practices, including adding two-factor authentication and automating release processes. Their efforts led to urllib3 achieving an impressive 9.6/10 score on the OpenSSF Scorecard.
Evaluating open source packages with Tidelift
Discover how Tidelift empowers application developers to confidently use open source packages. Tidelift partners with the maintainers of thousands of popular open source packages, ensuring industry-leading secure software development practices.

Podcasts

We ask a lawyer about GitHub Copilot
Luis Villa of Tidelift joins the show to discuss GitHub Copilot and the implications of an AI pair programmer from a legal perspective.
Supporting Python open source projects and maintainers
How do you define open source software? What are the challenges an open source project and maintainers face?
Maintainer spotlight! Ned Batchelder
In this episode we’re shining our maintainer spotlight on Ned Batchelder.

Upstream podcast

Upstream podcast E1S1: The future of open
What we got wrong about crypto, what we might get right about AI video
Open joy!: How happiness helps open happen
In this week’s episode of the Upstream podcast, Luis Villa sits with Annie Rauwerda of Depths of Wikipedia and Sumana Harihareswara, stand-up comedian and founder of Changeset Consulting.
Open and developer culture: What happened to people when software went open?
In this week’s episode of the Upstream podcast, Luis Villa sits with Kellan Elliot-McCrea of Adobe and Adam Jacon, CEO of System Initiative. Should software development teams be a team sport or an orchestra rather than a factory?

Blogs

Introducing the 2024 Tidelift maintainer impact report
Luis Villa at TechCrunch Disrupt: Free but not cheap, the open source dilemma
CISA, CRA, and PLD: some updates on government regulation of open source

News

Tidelift raises $27M to secure open source supply chain
Tidelift raises $27 million in Series C funding as open source software supply chain health and security become urgent priorities
Venture Capital Deals