Hear Tidelift CEO and co-founder Donald Fischer highlight the key benefits of the Tidelift Subscription.
This video clip comes from our on-demand webinar, "Why software composition analysis tools aren't enough." In this webinar, Donald talks about a new approach to improving open source supply chain resilience that brings together people and software. You can watch the entire webinar on demand here.
If you really boil it down, there are a couple of key benefits that you get from this approach as embodied by, for example, the Tidelift Subscription.
The first is to help improve the visibility into the open source that you're using. Getting a complete view of the open source in use across your organization, including not just the top-level packages, but also the transitive dependencies, the packages that they in turn depend on. The Tidelift Subscription gives you the tools to generate a continuously updated software bill of materials (SBOM), or more simply put, an ingredients list for every build of your application software, so you always know what components are being used in production.
We then help improve the decision making of your application development teams by putting better, cleaner, and more actionable data-driven recommendations in front of them. Not just based on semi-structured data scraped from the internet, but actually human-validated metadata from the teams who often created or at the very least maintain these open source projects. We make it easy for the decisions that get made based on that data to be shared across the organization so that each team doesn't have to repetitively go through the same analysis; it can be done once and put into a catalog for the whole organization to leverage.
We also help organizations improve governance by centralizing their open source security, maintenance, and licensing policies and standards, getting one place to go to keep track of how they're doing in terms of their ambitions on those fronts.
And then finally, and critically, we actually improve the application resilience by working with upstream open source maintainers to validate that the components that they're creating meet this expanding list of industry standards, both now at this point in time and also putting into practice the processes and tools to ensure that those standards are met in the future as well.
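The "ingredients list" idea mentioned above rests on one concrete step: walking a build's dependency graph all the way down, so that transitive packages show up in the SBOM alongside the top-level ones. The script below is an added illustration of that step, not code from the webinar or from Tidelift. It uses a small constructed package index (all names and versions are made up), visits each package once so that shared subtrees and cycles terminate, and renders the result as a simplified CycloneDX-style document. A package that is missing from the index is recorded with version UNKNOWN rather than dropped, so a gap in the inventory is visible instead of silent.

```python
import json
from collections import deque

# Constructed sample index: package name -> (version, direct dependencies).
# Every name and version here is invented for the example.
PACKAGE_INDEX = {
    "webapp": ("1.0.0", ["http-client", "template-engine"]),
    "http-client": ("2.3.1", ["url-parser", "tls-lib"]),
    "template-engine": ("0.9.4", ["url-parser"]),
    "url-parser": ("1.1.0", []),
    "tls-lib": ("3.0.2", ["crypto-core"]),
    "crypto-core": ("5.2.0", ["tls-lib"]),  # deliberate cycle, to show it is handled
}


def resolve_dependencies(root, index):
    """Walk the dependency graph breadth-first from `root`.

    Returns name -> {"version": str | None, "depth": int, "required_by": [names]}.
    depth 1 means a top-level dependency, depth >= 2 a transitive one. Each
    package is expanded only once, so shared subtrees and cycles do not loop;
    later sightings just add another entry to "required_by". A package absent
    from the index gets version None so the gap is visible rather than hidden.
    """
    resolved = {}
    queue = deque([(root, 0, None)])
    while queue:
        name, depth, parent = queue.popleft()
        if name in resolved:
            if parent is not None and parent not in resolved[name]["required_by"]:
                resolved[name]["required_by"].append(parent)
            continue
        entry = index.get(name)
        resolved[name] = {
            "version": entry[0] if entry else None,
            "depth": depth,
            "required_by": [parent] if parent else [],
        }
        for dep in (entry[1] if entry else []):
            queue.append((dep, depth + 1, name))
    return resolved


def build_sbom(root, index):
    """Render the resolved graph as a simplified CycloneDX-style dict.

    Only the fields needed for an ingredients list are filled in; a real SBOM
    would also carry hashes, licenses and supplier data for each component.
    """
    resolved = resolve_dependencies(root, index)
    components = []
    for name, info in sorted(resolved.items()):
        if name == root:
            continue
        version = info["version"] or "UNKNOWN"
        components.append({
            "type": "library",
            "name": name,
            "version": version,
            "purl": f"pkg:generic/{name}@{version}",
            "properties": [
                {"name": "example:transitive", "value": "true" if info["depth"] > 1 else "false"},
            ],
        })
    dependencies = [
        {"ref": name, "dependsOn": sorted(index.get(name, (None, []))[1])}
        for name in sorted(resolved)
    ]
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "metadata": {"component": {"type": "application", "name": root, "version": index[root][0]}},
        "components": components,
        "dependencies": dependencies,
    }


def unresolved_components(sbom):
    """Names of components whose version could not be determined from the index."""
    return [c["name"] for c in sbom["components"] if c["version"] == "UNKNOWN"]


if __name__ == "__main__":
    sbom = build_sbom("webapp", PACKAGE_INDEX)
    print(json.dumps(sbom, indent=2))
    print("unresolved:", unresolved_components(sbom))
```

Regenerating this document on every build and diffing the `components` list against the previous one is the minimal version of the "continuously updated" inventory described above: any component whose name or version changed, or that shows up as UNKNOWN, is the item to look at first.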