Hear Tidelift VP of Product Lauren Hanford explain how Tidelift partners with maintainers to meet these standards, such as the NIST SSDF and OpenSSF Scorecard checks.
This video clip comes from our on-demand webinar, "How the NIST SSDF impacts open source software." In this webinar, Lauren and Senior Product Marketing Lead Kanish Sharma discuss the NIST SSDF and how organizations can follow its guidance when they are building applications with open source software. You can watch the entire webinar on-demand here.
The Tidelift model is to partner directly with maintainers and ensure that standards are being met. For us this is grounded in multiple sources, from NIST SSDF and things that came prior to that, and certainly the OpenSSF scorecards. Some of the standards listed in the top right are pieces of secure software development practice that we incentivize maintainers to deliver on within our software.
And in the bottom right, you can see that there are objective, measured health improvements over time as a result of that. So this is leveraging the OpenSSF Scorecard assessment evaluation of an open source package's migration from a certain state, when they started, to becoming more and more secure over time.