The Tidelift Subscription

What is the Tidelift Subscription?

The Tidelift Subscription is a comprehensive solution to managing open source across the organization. It includes the tools to create, track, and manage customizable catalogs of known-good, proactively maintained open source components backed by Tidelift and its open source maintainer partners. The Tidelift Subscription allows organizations to efficiently manage the ways its developers use thousands of open source projects across JavaScript, Python, Java, PHP, Ruby, .NET, Rust, and more.

With the Tidelift Subscription in place, organizations can accelerate development, cut costs, and reduce risk when building applications with open source, so they can create even more incredible software, even faster.

The importance of managing the open source software supply chain

In a world where software supply chain attacks are an increasingly prominent existential threat (think Equifax or SolarWinds) and make front-page news, organizations are rethinking how they manage the software they use.

Meanwhile, open source has become the modern development platform. A recent Tidelift study shows that 92% of enterprise software projects contain open source dependencies and in those projects as much as 70% or more of the code is open source.

There are countless open source components in use across global organizations. Not all of these components are created equal, for a number of reasons:

• Their licenses may be incomplete, inaccurate, or incompatible with your business model and IP policies.
• They may contain security vulnerabilities that make them inappropriate for use given your risk profile.
• They may have an uncertain future and are at risk of not being maintained at the level you require going forward.
• And if a component has none of these issues today, that may change over time.

In fact, our data shows that only 16% of large organizations are extremely confident that the open source components they use are up to date, secure, and well maintained, while almost 40% are not very or not at all confident.

Many organizations are seeking ways to improve their open source management practices so they can optimize the health of their open source software supply chain.