
Featured

CISA announces the Open Source Software Security Roadmap

The Cybersecurity and Infrastructure Security Agency (CISA) just released the Open Source Software Security Roadmap, the latest step in the U.S. ...
by Donald Fischer
on September 13, 2023

Donald Fischer


Recent Posts

Tidelift advisory: How the National Cybersecurity Strategy Implementation Plan impacts open source

By Donald Fischer on July 13, 2023
This week, the White House unveiled its implementation plan for the strategies outlined in the National Cybersecurity Strategy that was originally ...

Tidelift advisory: OMB Memo M-23-16 clarifies U.S. government secure software development attestation requirements and deadlines, including for open source

By Donald Fischer on June 10, 2023
On June 9, 2023, the U.S. government Office of Management and Budget released memorandum M-23-16 as an update to the guidance for enhancing the ...

Tidelift advisory: Securing Open Source Software Act advances in U.S. Senate

By Donald Fischer on March 30, 2023
Yesterday, the U.S. Senate Committee on Homeland Security and Governmental Affairs voted to advance bipartisan legislation to help strengthen the ...

Tidelift advisory: Impact of new U.S. National Cybersecurity Strategy on organizations building apps with open source software

By Donald Fischer on March 2, 2023
Today, the U.S. government issued the long anticipated 2023 National Cybersecurity Strategy. This is the next step in a series of recent actions ...

Tidelift advisory | “Text4Shell” Apache Commons Text vulnerability: what you need to know and do

By Donald Fischer on October 19, 2022
In this advisory, we will address the core facts regarding the recently disclosed security vulnerability in the Apache Commons Text project, which ...

Tidelift advisory: New White House OMB guidance impacts organizations building apps with open source

By Donald Fischer on September 15, 2022
Yesterday, the U.S. government’s Office of Management and Budget (part of the Executive Office of the President) released memorandum M-22-18 on ...

$33.5M to improve open source software supply chain resilience with help from AEI HorizonX and Cisco Investments

By Donald Fischer on September 13, 2022
We’re excited to announce today that Tidelift has extended our Series C financing to $33.5 million with additional investments from AEI HorizonX, AE ...

New NSA, CISA, ODNI best practices for securing the open source software supply chain

By Donald Fischer on September 6, 2022
Last week, in a response to the ever-growing list of software supply chain attacks (SolarWinds and Log4Shell specifically), the U.S. National ...

Tidelift’s take on the U.S. Cyber Safety Review Board Report on Log4Shell vulnerability

By Donald Fischer on July 15, 2022
Yesterday, the U.S. Department of Homeland Security released the first report from the recently created Cyber Safety Review Board (CSRB), reviewing ...
