Cloud providers manage your compute, storage, and network. But who manages your open source libraries? 🤔

Application dependencies are code. Like all code, this code needs care and feeding.
By Havoc Pennington on May 9, 2019

Recent Posts

Managed open source: Tidelift expands to 1,000 open source projects, launches new capabilities for teams

By Havoc Pennington on April 30, 2019
Nearly all application developers rely heavily on open source code, yet most organizations don’t have a strategy to keep that code secure and well ...

Up to 20% of your application dependencies may be unmaintained

By Havoc Pennington on April 9, 2019
We recently added a new feature Tidelift subscribers can use to discover unmaintained dependencies. After taking an early look at the data we're ...

Open source has a working-for-free problem

By Havoc Pennington on March 7, 2019
It's a necessary part of open source that we do some work for free. But when it is an expectation—or at least a strong norm—to do everything for ...

It's time to take dependencies seriously

By Havoc Pennington on January 25, 2019
Please read this post from Russ Cox on Google's Go team, about software dependencies.

Had enough of zero-day fire drills?

By Havoc Pennington on December 6, 2018
Yeah, there will always be more.

Survey: help us make developing applications with open source better

By Havoc Pennington on November 14, 2018
We do a lot of user research at Tidelift—connecting with open source maintainers and users alike. Over the past few months we’ve talked to ...

Open source maintainers: how to get paid with Tidelift

By Havoc Pennington on September 19, 2018
Hello, interested open source maintainers!

Steve Ballmer was right about open source

By Havoc Pennington on March 15, 2018
There's a falsely-attributed-to-Gandhi quote, "First they laugh at you, then they ignore you, then they fight you, then you win."  Fifteen years ago, ...

Want to better understand your current dependencies? Here's how.

By Havoc Pennington on February 28, 2018
Today we're launching the Tidelift Subscription, a service that gives professional assurances to commercial users of open source while funding ...