Over the past several years, Tidelift has built a model for partnering with open source maintainers to achieve improved software supply chain security outcomes across critical open source software ecosystems.
In this report, we walk through the strategy and key outcomes to date, and highlight the opportunities and challenges ahead. We'll discuss in more detail:
- Aligning incentives with secure outcomes for open source
- How Tidelift’s model with maintainers has proven that secure-by-design must include relationships and incentives
- How improving security outcomes for open source is a networked, people-centered problem
- And more!