Tidelift helps organizations remove risk to their revenue, data, and customers from bad open source packages. Bad packages (by which we mean ...
A new report just out last week from the Digital Forensic Research Lab (DFRLab) at the Atlantic Council found that open source projects with funding ...
As we continue to watch the attempted xz utils backdoor hack unfold, I’ve been following several conversations where questions are being raised about ...
Open source changes at a breathtaking rate in modern software development. Development teams make many choices each day about what packages to start ...
Today, I’m excited to release our 2023 open source maintainer impact report—our first annual overview of the strategy and results from securing the ...
On April 27, CISA released a proposed draft of the long-awaited self-attestation form organizations selling software to the government will need to ...
In the previous blog posts of this series, I talked about the NIST Secure Software Development Framework and its impact on open source software, and ...
In my previous blog post I shared some thoughts regarding why organizations developing applications with open source components should be paying ...
Over the past year, the U.S. government has been extremely active developing strategies, policies, and regulations with the intent of improving ...
50 Milk St, 16th Floor, Boston, MA 02109
.svg){kind=icon}