
Featured

A maintainer-verified approach to minimizing false positives

Software composition analysis (SCA) tools have long been a popular way to identify security and licensing issues with open source packages. While ...
By Kanish Sharma on October 19, 2022

Recap: Why software composition analysis tools are not enough

By Caitlin Bixby on October 4, 2022
Last week, Tidelift CEO and co-founder Donald Fischer explored why software composition analysis (SCA) tools alone are not enough to robustly address ...

Let's talk about the hidden challenges of securing the open source software supply chain

By Amy Hays on September 8, 2022
Fact: most application developers love open source because it makes them more productive. Also a fact: Open source brings with it some security and ...

New NSA, CISA, ODNI best practices for securing the open source software supply chain

By Donald Fischer on September 6, 2022
Last week, in a response to the ever-growing list of software supply chain attacks (SolarWinds and Log4Shell specifically), the U.S. National ...