Open Source & More - Blog | Tidelift

RSVP: How to build a sound OSS management strategy 💪

For maintainers
Log in

Product
Resources
- All Resources
- Log4Shell
- Guides & Reports
- Webinars
- Surveys
- Analysts
- Documentation
- Videos
- Blog
- Partnerships
- Podcasts
- Events
- LOG4SHELL RESOURCES
About
Blog
SCHEDULE DEMO

Featured

Joint Tidelift / JFrog webinar on-demand: Best practices for managing open source artifacts

Does this xkcd comic ring true for you?

by Amy Hays
on October 22, 2020

Spring cleaning: 3 tips for getting your application development house in order

By Jeremy Katz on May 26, 2020

Despite some indications to the contrary where I live in the northeast US, it is finally spring in the northern hemisphere—which many people ...

Gauging open source project health

By Keenan Szulik on May 19, 2020

Back in February, I had an opportunity to speak at the O’Reilly Software Architecture in New York City. I was excited to have the chance, and I ...

Don't miss the latest from Tidelift

Filter by Topic

Managed open source (57)
Lifters (53)
Maintainers (49)
Events (37)
Data (27)
Dependencies (25)
NPM (25)
Open Source Software (25)
Developers (24)
Subscription (24)
Sustainability (22)
the Tidelift Subscription (22)
JavaScript (21)
Licensing (21)
open source licenses (20)
Lifter Interview (19)
Upstream (19)
Packages (18)
Python (17)
Pay the Maintainers (15)
Package Managers (14)
Security (13)
Survey (13)
Vue (13)
Libraries.io (12)
Log4Shell (12)
Open source supply chain solutions (11)
2020 managed open source survey (10)
Java (10)
Log4j vulnerability (10)
Maven (10)
Package Management (10)
Teamwork (10)
Tidelift catalogs (10)
log4j (10)
AWS (9)
PyPI (9)
2019 managed open source survey (8)
Free trial (8)
jfrog (8)
open source supply chain (8)
webinar (8)
Apache Log4j2 <=2.14.1 (7)
PHP (7)
Product updates (7)
Intro to managed open source (6)
Metrics (6)
White House executive order 14028 (6)
cybersecurity (6)
rubygems (6)
Interface (5)
Ruby (5)
VueConf (5)
VueJS (5)
Vuetify (5)
remote work (5)
software supply chain (5)
2021 maintainer survey (4)
AWS:reinvent (4)
Financial services (4)
GitHub (4)
Linux (4)
Packagist (4)
The 2021 Tidelift open source maintainer survey (4)
devops (4)
podcast (4)
remote team (4)
sBOMs (4)
supply chain attacks (4)
urllib3 (4)
Application Development (3)
Bloomberg (3)
COVID-19 (3)
Changelog (3)
Dependency hell (3)
FinTech (3)
Forrester (3)
Gartner (3)
Good docs (3)
Google (3)
Government (3)
Hacker (3)
How to (3)
IDC (3)
Maintenance (3)
MongoDB (3)
Mongoose (3)
Open Source Initiative (3)
Package manager (3)
Project Lombok (3)
Pupdates (3)
Python Software Foundation (3)
React (3)
The Python Software Foundation (3)
Tidelift-managed catalogs (3)
White House executive order (3)
copyleft licenses (3)
dependency health (3)
ethical open source licenses (3)
funding (3)
open source scanning tools (3)
open source support (3)
recession (3)
2020 survey (2)
2FA (2)
451 Research (2)
Artifactory (2)
Babel (2)
Community (2)
Enterprise (2)
GNU Public License (2)
GitLab Commit (2)
Golang (2)
Gulp JS (2)
Hippocratic (aka Do No Harm) License (2)
Hiring (2)
Laravel (2)
Maintainer Week (2)
Material-UI (2)
NumFocus (2)
NumPy (2)
NuxtJS (2)
PSF (2)
Productivity (2)
PyCon (2)
Red Hat (2)
SCA tools (2)
Server Side Public License (2)
SolarWinds (2)
Tidelift advisory (2)
Two Factor Authentication (2)
Vulnerabilities (2)
Webpack (2)
ajv (2)
catalogs (2)
commercial assurance (2)
composer (2)
cooking with tidelift and jfrog (2)
copyleft (2)
critical vulnerability (2)
cyber safety review board (2)
diversity (2)
documentation (2)
eslint (2)
known-good open source (2)
managing open source (2)
nodejs (2)
open source contributions (2)
open source software supply chain (2)
open source software support (2)
pandas (2)
security vulnerability (2)
software bills of materials (2)
swampup (2)
2021 survey (1)
996.icu (1)
996.icu license (1)
AGPL (1)
AGPL v3 (1)
APIs (1)
Active Admin (1)
Apache License (1)
Beautiful Soup (1)
Blue Oak Model License (1)
Browserify (1)
Bundler (1)
Byte Buddy (1)
CHIME (1)
CLI (1)
CSRB (1)
CVE (1)
CVE-2022-22965 (1)
Carbon (1)
Careers (1)
Commercial Open Source Software (1)
Community health files (1)
CommunityBridge (1)
Contributing to open source (1)
Cryptographic Autonomy License (1)
DXY.cn (1)
Dependency analyzer (1)
DevOps Enterprise Summit (1)
Devopsdays (1)
Digital Ocean (1)
Digital transformation (1)
Django (1)
DjangoCon (1)
ECMAScript 5 (1)
ED&I (1)
Elastic (1)
Evil Martians (1)
Fannie Mae (1)
Fidelity Investments (1)
Free Software Foundation (1)
GPL (1)
GPL v3 (1)
Girls Who Code (1)
GitHub Marketplace (1)
GitHub Satellite (1)
Global Maintainer Summit (1)
Hacktoberfest (1)
Jade (1)
Legal (1)
Lerna project (1)
License Zero (1)
Lifter help (1)
Lighthouse PHP (1)
Locale.ai (1)
MITRE (1)
Maintainerati (1)
Microsoft (1)
Mockito (1)
Nuxt (1)
OSCON (1)
OSI (1)
OSPO (1)
OSPOCON (1)
OSS (1)
Open Source Leadership Summit (1)
OpenJS Collaborator Summit (1)
Oracle (1)
Path-to-RegExp (1)
Penciljs (1)
Pillow (1)
Pug JS (1)
Pupdate (1)
Pylint (1)
Pyparsing (1)
QCon (1)
Ramda Adjunct (1)
React-Native (1)
Research (1)
Ruby Together (1)
Rust (1)
SOC 2 Type 2 (1)
SOC2 (1)
SSPL (1)
SciPy (1)
SerenityJS (1)
Slack (1)
Slim Framework (1)
Spring (1)
Spring MVC (1)
Spring WebFlux (1)
Spring framework (1)
StandardJS (1)
Stratus Digital Systems (1)
Sudo Show (1)
SugarCRM (1)
Symfony (1)
TC39 (1)
TFiR (1)
Techstrong Con (1)
Tools (1)
USGS (1)
Underscore (1)
University of Michigan (1)
Upstream thinking (1)
Vue 3 (1)
Vue vs React (1)
What is a package manager (1)
agile (1)
ama (1)
analyst firm (1)
anti-carbon license (1)
array flatten (1)
artifacts (1)
autoprefixer (1)
backbone (1)
backend framework (1)
burnout (1)
byebug (1)
cadence shear (1)
case study (1)
code health (1)
command line integration (1)
contributor (1)
coordinated security vulnerability disclosure (1)
coronavirus (1)
curl (1)
data science (1)
decentralized internet (1)
demo (1)
docs advocacy (1)
es5-shim (1)
event (1)
finos (1)
formidable (1)
google monorepo (1)
grape (1)
halfnium microsoft exchange (1)
inclusion (1)
json (1)
keynote (1)
lock files (1)
mental health (1)
nist (1)
no-negotiation policy (1)
nuget (1)
o'reilly (1)
observability (1)
open source management (1)
open source security standards (1)
open source strategy forum (1)
open source summit (1)
opencore (1)
package health (1)
package invalidation (1)
package manifests (1)
package selection (1)
package signing (1)
php html parser (1)
phpstan (1)
pluralize (1)
polyfills (1)
postcss (1)
react-native-camera (1)
reactivity (1)
redmonk (1)
repo (1)
repo attacks (1)
requests (1)
rights ratchet (1)
ruby grape (1)
software architects (1)
software engineers (1)
supply-chain compromises (1)
swift (1)
tech books (1)
the Apache Foundation (1)
the Flarum Foundation (1)
the Linux Foundation (1)
the Polyform Project (1)
third_party_prefix (1)
unfunded mandates (1)
vue 2 (1)
vue catalog (1)
vuesax (1)
websockets (1)
wordpress (1)
working at Tidelift (1)
zero day exploit (1)
zero day exploits (1)
zero-day fire drill (1)

See All

50 Milk St, 16th Floor
Boston, MA 02109
(617) 528-9673

Privacy policy

Terms of service

System status

Tidelift

About
Log in
Blog
Press
Contact
Jobs

Product
Solutions
Pricing
Free demo
Documentation
Scope of support

Resources
Log4Shell resources
Blog
Tools
Guides
Videos
Checklists
Podcasts
Webinars
News
Surveys
Partnerships

For Maintainers
Packages with income
Maintainer tasks