<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=705633339897683&amp;ev=PageView&amp;noscript=1">

Introducing the Tidelift open source software assessment

John Marcus III
by John Marcus III
on July 31, 2018

Updated on December 26, 2019

Don't miss the latest from Tidelift

Recently, Tidelift published the results of our 2018 survey of professional open source users and maintainers. There are several surprising findings in there, but one that didn’t surprise me a bit was that professional developers reported 92% of their applications contain open source libraries. In fact, more than two thirds of survey respondents said that 100% of their applications make use of at least some open source dependencies.

I spend most of my time talking to professional engineering and product teams, which is why this finding is no shocker to me. For the modern software organization, using open source components is not just the best way—it’s the only way.

Open source is amazing. Yet, as with all good things, there are some tradeoffs. Many open source projects are dependent on each other, yet there is no single organization out there ensuring that all of the pieces play well together. Issues related to cross-package maintenance, security, and licensing from different projects tend to crop up when you least expect them.

What we’re doing about it at Tidelift

At Tidelift, we work to ensure development teams have open source software they can depend on. We know from data and experience that in order to understand the risks and opportunities in open source you need to understand your current dependencies.

Starting this week, we are offering professional software teams the ability to sign up for a 20-minute open source software assessment from one of our open source specialists.

Request an assessment

With support for JavaScript, Python, Java, and many more languages and package managers, the open source software assessment will help you quickly find known security, maintenance, and licensing issues with your open source dependencies.

On this assessment you will learn:

  • Which dependencies have identified security vulnerabilities
  • Which dependencies are deprecated or unmaintained
  • Which dependencies have missing or non-compliant licenses
  • How direct and transitive dependencies impact your production projects

Ready to take the first step? Request an assessment for your organization.
New Call-to-action

Dependencies, Licensing, Security, Subscription

You might also like:

Dependencies, Licensing, Security, Subscription

xz utils hack: what is it?

Dependencies, Licensing, Security, Subscription

What makes an open source package “bad” for enterprise use?