Does this xkcd comic ring true for you?
If so, here’s something even spookier. 👻 This is often the best-case scenario. Sometimes the random person in Nebraska gets tired of the thankless maintenance work and quits maintaining the project altogether.
Our research shows that up to 20% of open source dependencies aren’t being maintained at all.
This is a real problem, and most organizations struggle to manage their open source and come up with good solutions for how to keep it up to date and secure.
We find that organizations tend to use an approach somewhere on the spectrum from these two extremes:
- Move fast. Any developer can bring in any component they want, YOLO, and take the risk that bad things may happen if these components fall out of date or aren’t being properly maintained.
- Stay safe. Set up approval chains for introducing new open source components, implement scanning tools that point out any possible issue, and slow down development, potentially frustrating your top developers and missing market opportunities.
What if you didn’t have to choose? What if you could move fast and stay safe when developing applications with open source?
A few weeks ago we hosted our very first webinar with our friends at JFrog called Best practices for managing your open source artifacts. Tidelift co-founder Havoc Pennington joined forces with JFrog senior product manager Mark Galpin to explore ways to help your developers move fast and stay safe when building with open source.
You can hear their recommendations yourself in this short, 30-minute webinar. At the end they share a quick demo of how you can begin managing your organization’s open source artifacts better by using the Tidelift Subscription and JFrog Artifactory together.
Fill out the form below to watch it now.