
Featured

Tidelift advisory | OpenSSL 3.0.x X.509 Buffer Overflow Vulnerabilities: what you need to know and do

In this advisory, we will address the core facts regarding the recently disclosed security vulnerability in the OpenSSL project, how important it is ...
By Jeremy Katz on November 1, 2022

Evaluating the RAIL license family

By Luis Villa on November 1, 2022
Machine learning (ML) is the hot topic in tech circles right now, and tech lawyers are no exception. Virtually ...

urllib3: how the maintainers keep the project secure and healthy (and why you should care) part 1

By Bill Nottingham on October 27, 2022
Have you ever wondered what the open source maintainers that your business relies on do to keep our software healthy and secure? Here’s the first in ...

Recap: AWS + Tidelift panel: Best practices for inclusive development

By Caitlin Bixby on October 26, 2022
On Tuesday, October 11th, in partnership with AWS, Tidelift’s foundations advocate, Josh Simmons, and Tidelift co-founder and head of engineering ...

Tidelift advisory | “Text4Shell” Apache Commons Text vulnerability: what you need to know and do

By Donald Fischer on October 19, 2022
In this advisory, we will address the core facts regarding the recently disclosed security vulnerability in the Apache Commons Text project, which ...

A maintainer-verified approach to minimizing false positives

By Kanish Sharma on October 19, 2022
Software composition analysis (SCA) tools have long been a popular way to identify security and licensing issues with open source packages. While ...

Washington, DC, and open—for maintainers

By Luis Villa on October 18, 2022
This blog post was originally published on our Tidelift community page. Some of you may have seen that open source has been in the news coming out of ...

Tidelift at SecureWorld NYC 2022

By Kristina Kaldenbach on October 12, 2022
We are excited to be sponsoring SecureWorld New York City on October 13! SecureWorld connects, informs, and develops leaders in cybersecurity through ...

Using maintainer-verified standards to improve open source software supply chain security

By Bill Nottingham on October 11, 2022
Protecting your digital infrastructure is hard. Attacks on the supply chain are becoming more frequent, and stakeholders are taking notice. The ...

Recap: Why software composition analysis tools are not enough

By Caitlin Bixby on October 4, 2022
Last week, Tidelift CEO and co-founder Donald Fischer explored why software composition analysis (SCA) tools alone are not enough to robustly address ...
