Tidelift is the only company that partners with open source maintainers and pays them to:
Implement industry-leading secure software development practices and validate the practices they follow so organizations can have the same confidence in the security of their open source that they have in their own code.
Contractually commit to continue these practices into the future so that organizations can confidently make long term investments in the packages they use.
jackson-databind
Maintainer Tatu Saloranta used income from Tidelift and its customers to completely rearchitect jackson-databind and eliminate the risk of RCE vulnerabilities.
minimist
Maintainer Jordan Harband saved minimist from deletion when its maintainer decided to delete their projects from GitHub.
urllib3
Maintainer Seth Michael Larson was able to substantially improve urllib3 security practices thanks to income from Tidelift and its customers.
SockJS
When SockJS maintainer Bryce Kahle took a new job that didn’t involve JavaScript, Asif Saif Uddin stepped in as maintainer, ensuring the project wasn’t abandoned.
Pillow
Maintainer Jeffrey A. Clark significantly improved security practices used to maintain Pillow, a popular Python Image Library package downloaded 3 million times a day.
Jordan Harband
Maintainer Jordan Harband used income from Tidelift and its customers to consistently maintain over 450 JavaScript packages during good times and bad.
Mongoose
Maintainer Valeri Karpov of Mongoose implemented additional secure development practices and significantly improved the project’s OpenSSF scorecards score.
Apache Commons
Maintainer Gary Gregory of Apache Commons used income from Tidelift and its customers to carve out time to create a more robust security review process.
.png)
.png)
50 Milk St, 16th Floor, Boston, MA 02109
.svg){kind=icon}