Monitoring and remediating risk from open source packages with Tidelift
Learn about how development teams can use Tidelift to minimize rework, boost productivity, and increase application resilience, by helping teams monitor and remediate risk from the open source in use at their organization.
Paying maintainers to improve their project’s security practices (the urllib3 story)
With support from Tidelift, urllib3 maintainers have been able to improve security practices, including adding two-factor authentication and automating release processes. Their efforts led to urllib3 achieving an impressive 9.6/10 score on the OpenSSF Scorecard.
Discover how Tidelift empowers application developers to confidently use open source packages. Tidelift partners with the maintainers of thousands of popular open source packages, ensuring industry-leading secure software development practices.
Paying open source maintainers to reduce security risk (the jackson-databind story)
With support from Tidelift and its customers, open source maintainers like Tatu Saloranta can better enhance security and maintain project health, reducing risk for users and ensuring long-term sustainability.
The Tidelift Subscription: Eliminating risk from bad open source packages
With the Tidelift Subscription, organizations can evaluate and monitor packages, eliminate bad ones, and improve overall security, productivity, and application quality.
The impact of bad open source packages on enterprise application development
Watch this demo to learn how eliminating bad open source packages can lead to lowering security risks, improving productivity, improving application quality, and increasing operational efficiency.
Life as a maintainer after the xz utils backdoor hack
The explosive details about the recent xz utils backdoor hack, in which a volunteer open source maintainer was manipulated over a period of years into giving commit access to their project, have sent shudders across all open source communities.
Tidelift VP of Public Sector Robert Wickham on open source and innovation with Fed Gov Today
At the Department of Defense Intelligence Information System (DoDIIS) Worldwide Conference 2023, Tidelift VP of Public Sector, Robert Wickham, sat down with Francis Rose at Fed Gov Today to discuss open source and its role in the public sector space.
Watch this quick demo to learn how Tidelift can help your organization generate software bills of materials (SBOMs) and implement open source usage and management standards consistently across development teams.
Introducing TACOS: Trusted Attestation and Compliance for Open Source
Hear Tidelift VP of Product Lauren Hanford introduce the Trusted Attestation and Compliance for Open Source (TACOS) framework, a machine-readable framework that makes it easy to self-attest to and report on the development practices of upstream open source packages.
Digging into the NIST Secure Software Development Framework
Hear Tidelift VP of Product, Lauren Hanford break down the four areas of the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF).
U.S. National Cybersecurity Strategy: a liability shift
Hear Tidelift VP of Product Lauren Hanford discuss the liability shift from consumers to producers called for in the U.S. National Cybersecurity Strategy.
Reminder: open source software relies on volunteers
Hear Tidelift VP of Product, Lauren Hanford discuss the current state of the open source maintainer and how most maintain open source software projects without pay, and why this matters when looking at these new secure software development practices.
Tidelift partners with open source software maintainers
Hear Tidelift VP of Product Lauren Hanford explain how Tidelift partners with maintainers to meet standards such as the NIST SSDF and the OpenSSF Scorecard.
Defense in depth: proactive and reactive strategies
Hear Tidelift CEO and co-founder, Donald Fischer, highlight the Tidelift Subscription's defense in depth approach, an approach that combines proactive and reactive strategies to manage application security.
Why we should be asking the important question: given the evolving list of government and industry cybersecurity requirements, who is going to do the work?
Introducing Seth Michael Larson! Seth maintains urllib3 and a host of other useful packages in the Python ecosystem. Watch to learn more about Seth and his journey in open source!
Introducing Pierre Sassoulas! Pierre maintains pylint and a host of other useful packages, but got his start in open source as a Wikipedia volunteer. Watch to learn more about Pierre and his journey in open source!
In our first in the series, we’d like to introduce you to Felix Böhm. Felix maintains Cheerio and a host of other useful packages. Watch to learn more about how Felix got started!
Software + People: An optimistic (and practical) way forward for the open source software supply chain
Tidelift CEO Donald Fischer gives a talk entitled Software + People: An optimistic (and practical) way forward for the open source software supply chain at Tidelift's annual conference, Upstream.