Open Source & More - Blog | Tidelift | open source supply chain

Featured

New report from Atlantic Council finds paying maintainers can positively impact open source security

A new report just out last week from the Digital Forensic Research Lab (DFRLab) at the Atlantic Council found that open source projects with funding ...

by Lauren Hanford
on April 23, 2024

The ROI of paying open source maintainers (in light of the xz utils backdoor)

By Lauren Hanford on April 8, 2024

As we continue to watch the attempted xz utils backdoor hack unfold, I’ve been following several conversations where questions are being raised about ...

Recap: 10 critical things to know before depending on an open source project

By Caitlin Bixby on December 19, 2023

It’s no secret that open source software is powering modern application development. In our own surveys, we’ve found that more than 90% of ...

How organizations use Tidelift open source intelligence to proactively improve supply chain health and security

By Bill Nottingham on December 18, 2023

Today we’re going to go through how leading customers integrate Tidelift’s validated open source intelligence into their tools and processes, in ...

Tidelift CEO and co-founder Donald Fischer talks cybersecurity requirements for organizations selling software to the U.S. government

By Caitlin Bixby on August 31, 2023

In response to an increase in cybersecurity attacks, from the SolarWinds hack on proprietary software to the Log4Shell incident on the open source ...

Upstream recap: Leveraging InnerSource practices to drive external OSS solutions

By Caitlin Bixby on August 10, 2023

On June 7th, for the third year in a row, we hosted Upstream, a virtual, one-day celebration of open source, the developers who use it, and the ...

Tidelift CEO & co-founder Donald Fischer discusses government requirements and the impact on DevSecOps

By Caitlin Bixby on June 29, 2023

Yesterday, Tidelift CEO and co-founder Donald Fischer sat down with Techstrong TV’s Michael Vizard to discuss the latest government requirements and ...

Upstream recap: Open source won, now comes the hard part

By Caitlin Bixby on June 28, 2023

On June 7th, for the third year in a row, we hosted Upstream, a virtual, one-day celebration of open source, the developers who use it, and the ...

New video story: How Distributive uses Tidelift to maximize open source security and resilience

By Amy Hays on May 15, 2023

Meet Dan Desjardins. He’s an astrophysicist turned CEO of Distributive computing, a company that’s trying to harness the power of every idle computer ...

Introducing TACOS: Trusted Attestation and Compliance for Open Source

By Lauren Hanford on April 4, 2023

In the previous blog posts of this series, I talked about the NIST Secure Software Development Framework and its impact on open source software, and ...

RSVP: How to reduce your organization's reliance on "bad" open source packages

Featured

New report from Atlantic Council finds paying maintainers can positively impact open source security

The ROI of paying open source maintainers (in light of the xz utils backdoor)

Recap: 10 critical things to know before depending on an open source project

How organizations use Tidelift open source intelligence to proactively improve supply chain health and security

Tidelift CEO and co-founder Donald Fischer talks cybersecurity requirements for organizations selling software to the U.S. government

Upstream recap: Leveraging InnerSource practices to drive external OSS solutions

Tidelift CEO & co-founder Donald Fischer discusses government requirements and the impact on DevSecOps

Upstream recap: Open source won, now comes the hard part

New video story: How Distributive uses Tidelift to maximize open source security and resilience

Introducing TACOS: Trusted Attestation and Compliance for Open Source

Don't miss the latest from Tidelift

Filter by Topic

Address

Tidelift

Product

Resources

For Maintainers