We are honored to be a part of the AWS Startup Showcase coming up on Jan. 26 this year. AWS partnered with theCUBE to bring together 8 innovative companies within the AWS Partner ecosystem to highlight their latest developments in the open source community for this one day virtual event.
Ahead of the showcase, Tidelift CEO and co-founder Donald Fischer sat down with David Nicholson, host of theCUBE, SiliconANGLE Media’s live streaming studio, to discuss Log4Shell (the name for the recent vulnerability in Log4j), how Tidelift partners with open source maintainers to make open source software work better for everyone, and how our partnership with AWS creates a win-win for joint customers.
In the interview, Donald talks about how open source has become the de facto standard set of building blocks for modern organizations building enterprise applications.
How does Tidelift fit into this? Tidelift was created to help organizations efficiently manage the open source software that powers their applications. Tidelift provides the tools, data, and strategies to improve the health and security of the open source powering many enterprise applications.
“[Organizations] will plug Tidelift into their release process to ensure that the 70% or 80% of the software they ship that comes from GitHub, comes from the Python Package Index, or npm, or the Maven Central Repository for Java, meets their enterprise standards,” Donald said. “They can work with us and our unique network of hundreds of these open source maintainers to ensure there is a feed of known good, vetted packages into their applications. This is an unsolved problem for almost every serious organization.”
Then, when a vulnerability like Log4Shell is disclosed, organizations can quickly and efficiently understand where in their organization the impacted component is being used, and quickly implement a remediation plan.
Tidelift also partners directly with a growing network of open source maintainers to ensure an organization’s open source software supply chain meets enterprise standards, now and into the future.
“We’re asking them to help us ensure that software the organizations depend on meets certain specific concrete enterprise standards,” Donald said. “We work with the open source maintainers to make sure we have figured out which versions of software packages are impacted by known security vulnerabilities.”
And because open source maintainers are getting paid for their efforts, future Log4Shell-like vulnerabilities might be avoided or more quickly patched.
In November, Tidelift joined the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate program. The AWS ISV Accelerate program is an advanced co-sell program for AWS Partners who provide software solutions that run on or integrate with AWS, and is dedicated to the global business development of partners.
The Tidelift Subscription on AWS enables customers to efficiently manage the health and security of their open source software supply chain while removing the obstacles that slow down development.
“It’s really important, whether it’s running on an edge device or in a cloud datacenter, that applications meet standards, especially on the security front,” Donald said. “AWS recognizes this need and opportunity for their customers, and we’ve been working jointly with them. Accelerate gives us the ability to co-engage with AWS and work together to solve mutual customers’ challenges.”
Moving forward, enterprises will use even more open source software in their applications because of the many benefits that open source provides, according to Donald.
“There’s no other path to take than building with modern building blocks,” Donald said. “If you think about this network of open-source maintainers working together, a rising tide lifts all boats.”
Want to learn more about how Tidelift can help your organization prepare for the next Log4Shell? Donald will be speaking at the AWS Startup Showcase at 2:20 p.m. ET in Jan. 26. Register for free.