
Featured

Upstream rewind: the 2023 Upstream maintainer panel and the insights that resonate in 2024

As we count down to this year’s Upstream, we’ll be looking back at Upstream moments from years past. Discover how topics may have changed and how ...
By Caitlin Bixby on April 11, 2024

The ROI of paying open source maintainers (in light of the xz utils backdoor)

By Lauren Hanford on April 8, 2024
As we continue to watch the attempted xz utils backdoor hack unfold, I’ve been following several conversations where questions are being raised about ...

xz, Tidelift, and paying the maintainers

By Luis Villa on April 2, 2024
Late last week, a developer noticed some unusual behavior on their computer, investigated it, and uncovered a hack of epic scope, in an obscure but ...

5 of the Python packages most relied upon for AI are powered by Tidelift maintainer partners

By Kacey Bradford on March 19, 2024
For those of you who may have been living under a rock for the last year, Artificial Intelligence (AI) and Machine Learning (ML) are now at the ...

Upstream is June 5, 2024

By Luis Villa on March 14, 2024
Improving the health and security of open source is an old problem. In the past 25 years companies have been formed, foundations have been funded, ...

Tidelift advisory: Final CISA Secure Software Development Attestation Form released

By Donald Fischer on March 12, 2024
On Monday March 11, CISA and the Office of Management and Budget (OMB) released the final version of the Secure Software Development Attestation Form ...

Why Tidelift joined FINOS

By Donald Fischer on March 7, 2024
Today, I’m excited to share that Tidelift has officially joined FINOS, the Fintech Open Source Foundation.

Software liability changes are coming. Are you ready?

By Donald Fischer on March 6, 2024
This week, CyberScoop reported on new developments in U.S. software cybersecurity liability:

What makes an open source package “bad” for enterprise use?

By Havoc Pennington on March 6, 2024
The most effective development teams adopt a proactive approach to managing the health and security of their open source dependencies. Explained in ...

Webinar recap: 2024 recommendations from IDC to proactively reduce open source risk

By Caitlin Bixby on February 29, 2024
Last week, we hosted a highly anticipated webinar with guest speaker Katie Norton, Research Manager at IDC. The task: to discuss the latest IDC ...
