Resources

Tidelift VP of product, Lauren Hanford, sat down with Medcrypt’s VP of product, Om Mahida, to review government product security requirements, in particular discussing software bills of materials (SBOMs).

Does your organization sell software to the U.S. government? Then you are probably already aware that the government has become much more active in setting policy to improve cybersecurity in response to high-profile vulnerabilities like SolarWinds and Log4Shell..

Many of our customers are using Tidelift and one or more SCA tools together as part of what we call a “defense in depth” strategy, where SCA handles reactively detecting security vulnerabilities and Tidelift handles proactively improving the health and security of your open source software supply chain.

Tidelift named a Cool Vendor in the May 2022 Gartner Cool Vendors in Software Engineering

As part of an open source software strategy, organizations are increasingly hosting curated OSS package management and artifact repositories internally to mitigate risk and reduce developer friction.

Guest speaker IDC Research Director Jim Mercer shares insights from recent IDC research into how organizations can safely and effectively use open source for building applications.

The U.S. government is taking action to set higher cybersecurity standards. How will they impact your organization? Learn what application development teams using open source need to know about U.S. government cybersecurity guidelines and how to stay in compliance.

Want to understand the best practices for responsibly using open source components in your organization?

We thought it might be fun to tell the story of how the Tidelift Subscription works—as a children's book.

Secure development practices and Python supply chain impact

How Distributive uses Tidelift to maximize the security and resilience of its open source application components

When news of the critical vulnerability in popular Java logging tool Log4j broke, the team at EMPLOYERS® was ready.

Hundreds of maintainers responded with thoughts about how they fund their work, what they enjoy about being a maintainer, what they don’t like so much, along with a host of other interesting insights.

Tidelift fielded our annual survey of technologists—including software developers, engineering executives and managers, architects, and devops pros—who build applications with open source.

In early 2021, Tidelift fielded its first-ever comprehensive survey of open source maintainers.

Hear Tidelift VP of Product, Lauren Hanford introduce the Trusted Attestation and Compliance for Open Source (TACOS) framework, a machine-readable framework that makes it easy to self-attest and report on the development practices of the upstream open source packages .

This short demo will walk you through how Tidelift can help your organization attest to the cybersecurity practices of the open source components in your software supply chain and meet government compliance requirements.

Introducing Seth Michael Larson! Seth maintains urllib3 and a host of useful packages within the Python ecosystem. Watch to learn more about Seth and his journey in open source!

Luis Villa of Tidelift joins the show to discuss GitHub Copilot and the implications of an AI pair programmer from a legal perspective.

How do you define open source software? What are the challenges an open source project and maintainers face?

In this episode we’re shinning our maintainer spotlight on Ned Batchelder.

What we got wrong about crypto, what we might get right about AI video

In this week’s episode of the Upstream podcast, Luis Villa sits with Annie Rauwerda of Depths of Wikipedia and Sumana Harihareswara, stand-up comedian and founder of Changeset Consulting.

In this week’s episode of the Upstream podcast, Luis Villa sits with Kellan Elliot-McCrea of Adobe and Adam Jacon, CEO of System Initiative. Should software development teams be a team sport or an orchestra rather than a factory?

In this week’s episode of the Upstream podcast, Luis Villa sits with Heather Leson, digital innovation lead at the International Federation of Red Cross and Red Crescent Societies (IFRC) and Monica Granados, assistant director of open climate at Creative Commons.