How to reduce your organization's reliance on "bad" open source packages
Watch this webinar, in which Lauren goes over the ways to reduce your organization's reliance on “bad” open source packages and reviews what a “bad” open source package really means.
Life as a maintainer after the xz utils backdoor hack
The explosive details about the recent xz utils backdoor hack, in which a volunteer open source maintainer was manipulated over a period of years into giving commit access to their project, have sent shudders across all open source communities.
How healthcare organizations should navigate government regulatory activity impacting open source
In 2024, cybersecurity risk impacts patient outcomes, doctor burnout, and care success at nearly every healthcare organization.
2024 recommendations to proactively reduce open source risk
An overview of IDC research and current recommendations for application development and security leaders to improve open source resilience and reduce risk
Predictions: What’s in the crystal ball for open source software security in 2024?
As we head into 2024, one of our time-honored traditions at Tidelift is gathering together a group of smart folks to make some predictions about open source software security for the year ahead.
10 critical things to know before depending on an open source project
When pulling new open source dependencies into your application, you need to ensure you are making smart decisions that don’t open up your organization to risk. So how should you go about doing the research?
Defense in depth: How to use Tidelift alongside your SCA tool
Many of our customers are using Tidelift and one or more SCA tools together as part of what we call a “defense in depth” strategy, where SCA handles reactively detecting security vulnerabilities and Tidelift handles proactively improving the health and security of your open source software supply chain.
How to comply with mandatory government cybersecurity requirements impacting open source
Does your organization sell software to the U.S. government? Then you are probably already aware that the government has become much more active in setting policy to improve cybersecurity in response to high-profile vulnerabilities like SolarWinds and Log4Shell.
Tidelift + Medcrypt: Using SBOM data to comply with government cybersecurity regulations
Tidelift VP of product, Lauren Hanford, sat down with Medcrypt’s VP of product, Om Mahida, to review government product security requirements, in particular discussing software bills of materials (SBOMs).
AWS + Tidelift panel: Best practices for inclusive development part 2
Continuing the conversation from 2022, we will dive deeper into discussing best practices and small changes for leaders to implement in order to drive change and thought leadership around ID&E across their engineering teams.
Top findings from the 2023 Tidelift state of the open source maintainer report
We just released our new state of the open source maintainer report with 11 big headlines from our new survey of over 300 open source maintainers. Some findings will confirm what you already know to be true; some may startle you.
How the NIST Secure Software Development Framework impacts open source software
Lauren Hanford, Tidelift VP of product, and Kanish Sharma discuss the NIST Secure Software Development Framework and share ways organizations can actually follow its guidance, specifically highlighting considerations for the open source software on which all modern software is built.
News debrief: What the new U.S. cybersecurity strategy means for open source software
Breaking news: On March 2, the U.S. government issued the long anticipated 2023 National Cybersecurity Strategy. How does this impact open source software?
How to navigate impending open source software security requirements
Open source security is a top, unavoidable priority in 2023. Thanks to the front page press surrounding critical vulnerabilities like Log4Shell and SolarWinds, governments around the globe are taking action.
Predictions: What does open source software supply chain security look like in 2023?
Join Tidelift co-founders Donald Fischer and Luis Villa and RedMonk analysts Stephen O’Grady and Rachel Stephens as they dive into their 2023 open source software supply chain security predictions.
How the maintainers of urllib3 keep the project secure and healthy (and why you should care)
Tidelift VP of Product Lauren Hanford sits down to chat with Seth Larson about all the systems and processes Seth and the team have put into place to keep urllib3 happy and healthy for all those millions of Python dependents.
Fireside chat: Why this CISO thinks SBOMs aren't the silver bullet
Tidelift CEO and co-founder Donald Fischer sits down with Andy Ellis, former Chief Security Officer at Akamai turned startup advisor and investor, to talk about the true consequences of SBOMs.
The importance of a sound open source software supply chain management strategy
Tidelift host Kanish Sharma and guest speaker Jim Mercer, IDC research vice president, dived into these challenges and discussed the best approach to addressing them.
AWS + Tidelift panel: Best practices for inclusive development
Inclusive is one of our core values at Tidelift. So we were delighted and inspired when our friends at AWS were interested in collaborating with us on a panel discussion about inclusive practices in open source software development.
Why software composition analysis tools aren't enough
Historically, software composition analysis (SCA) tools were one primary way to get better visibility into open source security, maintenance, and licensing risk. But, by themselves, they are not enough.
Log4Shell, open source maintenance, and why SBOMs are critical now
Join Tidelift CEO and co-founder Donald Fischer and guest speaker Forrester Principal Analyst Sandy Carielli as they discuss some of the key lessons organizations can learn from Log4Shell, along with some critical recommendations organizations can use to prepare for handling similar issues down the road.
From Heartbleed to Log4Shell: How are things better? How are they the same?
Tidelift solutions architect lead Mark Galpin shares insights into the Log4Shell vulnerability and discusses how things have changed since Heartbleed.
Tidelift briefing: What you need to know about the Log4Shell vulnerability
Mark Galpin breaks down the current Log4Shell situation and shares tips for remediating the issue. You won't want to miss this.
Tracy Bannon from MITRE talks OSS supply chain security and how to help your overburdened dev team
For years, experts have been telling the government to take stock of the software supply chain by generating software bills of materials and defining standards and policies for use.
Tidelift December product update and live demo
Tidelift product marketing lead Kanish Sharma and solutions architect Jimmy Caldwell demo the latest updates to the Tidelift Subscription.
Briefing: Thinking upstream about White House cybersecurity executive order 14028
Tidelift CEO and co-founder Donald Fischer shares his perspective on how the cybersecurity executive order impacts software supply chain security.
Supporting the Python community by “shifting left”
What are some ways corporate users of open source software can contribute upstream and partner with ecosystems who provide the software?
Open source software supply chain management and security in the wake of SolarWinds
Tidelift CEO Donald Fischer will brief application development teams on the state of software supply chain security.
Open source licenses AMA part 2
Tidelift's resident open source license guru Luis Villa answers some pressing questions.
Take control of your open source software supply chain with Tidelift catalogs
Watch on-demand as we demonstrate how you can use the Tidelift Subscription as the heart of an effective open source supply chain management strategy.
Accelerate app development by optimizing your organization’s open source strategy
In this webinar, Tidelift CEO and co-founder Donald Fischer is joined by guest speaker Chris Condo, Forrester’s Principal Analyst.
Open source licenses AMA
Tidelift's resident open source license guru Luis Villa is joined by guest speaker Kate Downing to answer some pressing questions.
Best practices for managing your open source artifacts
We share the latest best practices orgs can use to manage their open source dependencies.
The future of open source software support
IDC analyst Al Gillen explains the history of open source support models and his thoughts about the future of open source support.
Everything you never wanted to know about open source licenses and were too bored to ask
Tidelift's resident open source license guru Luis Villa shares the basics of how open source licenses work.
Choosing open source packages well
Tidelift co-founder Jeremy Katz deep dives into the steps you can take to choose the right open source packages for your organization.
How to level up your open source project with Tidelift
Are you an open source maintainer interested in leveling up your open source project through Tidelift?