Organizations selling software to the U.S. government are now required to attest they follow the secure software development practices defined in the NIST Secure Software Development Framework (SSDF). This includes attesting to the development practices of the open source components being used in those applications.
Tidelift pays open source maintainers to ensure their projects follow important security and maintenance practices like those found in the NIST SSDF and keep those attestations current.
This open source attestation report was prepared using the most comprehensive database of maintainer-validated security and maintenance attestations, available only from Tidelift. The report provides deep insight into the known secure development practices followed by open source projects in use within your organization’s applications.