

What makes an open source package “bad” for enterprise use?

The most effective development teams adopt a proactive approach to managing the health and security of their open source dependencies. Explained in ...
by Havoc Pennington
on March 6, 2024


Recent Posts

If your open source dependencies are a mess, we’ve got you. Introducing catalogs.

By Havoc Pennington on July 9, 2020
Today we’ve added a new feature we are calling catalogs to the Tidelift Subscription. Catalogs bring managed open source to life by providing a ...

Implementing security and licensing policies with Tidelift

By Havoc Pennington on August 20, 2019
The Tidelift Subscription can help you avoid introducing security and licensing problems into your open source dependencies. We partner with upstream ...

Cloud providers manage your compute, storage, and network. But who manages your open source libraries? 🤔

By Havoc Pennington on May 9, 2019
Application dependencies are code. Like all code, this code needs care and feeding.

Managed open source: Tidelift expands to 1,000 open source projects, launches new capabilities for teams

By Havoc Pennington on April 30, 2019
Nearly all application developers rely heavily on open source code, yet most organizations don’t have a strategy to keep that code secure and well ...

Up to 20% of your application dependencies may be unmaintained

By Havoc Pennington on April 9, 2019
We recently added a new feature Tidelift subscribers can use to discover unmaintained dependencies. After taking an early look at the data we're ...

Open source has a working-for-free problem

By Havoc Pennington on March 7, 2019
It's a necessary part of open source that we do some work for free. But when it is an expectation—or at least a strong norm—to do everything for ...

It's time to take dependencies seriously

By Havoc Pennington on January 25, 2019
Please read this post from Russ Cox on Google's Go team, about software dependencies.

Had enough of the zero-day exploit and fire drill?

By Havoc Pennington on December 6, 2018
Yeah, there will always be more.

Survey: help us make developing applications with open source better

By Havoc Pennington on November 14, 2018
We do a lot of user research at Tidelift—connecting with open source maintainers and users alike. Over the past few months we’ve talked to ...
