Featured

Why scanning isn't enough

Developers today can choose from millions of free open source components, enabling them to build applications faster than ever before. But with great ...
Cameron Miller
by Cameron Miller
on March 31, 2020

Verifying upstream maintainers could help prevent supply-chain compromises

By John Marcus III on March 10, 2020
In modern application development, open source is everywhere. In fact, 92% of professional application teams report that they leverage open source ...

The Tidelift approach to securing open source dependencies

By Jeremy Katz on November 21, 2019
If your team is like most modern application development teams, you are using a core of 70-80% open source components in your application. For good ...

The current state of two-factor authentication across package managers

By Tieg Zaharia on July 23, 2019
Recently at Tidelift we started asking our partnered maintainers (we call them “lifters”) to confirm that they have Two-Factor Authentication (2FA) ...

VICE Motherboard on the business of funding open source development

By Donald Fischer on February 19, 2019
Daniel Oberhaus at VICE Motherboard published an extensive essay last week delving into the history and future of open source development. It’s a ...

Event-stream: 100 million downloads, unmaintained, hacked. Now can we pay the !@#$% maintainers?

By Keenan Szulik on November 27, 2018
Late last week, users of the popular JavaScript library event-stream discovered a vulnerability in the package caused by a malicious actor who had ...

Who supports React? That depends on what you mean

By Keenan Szulik on August 14, 2018
React is a popular JavaScript library for building user interfaces. First deployed on Facebook's news feed in 2011 and then on Instagram in 2012, it ...

Introducing the Tidelift open source software assessment

By John Marcus III on July 31, 2018
Recently, Tidelift published the results of our 2018 survey of professional open source users and maintainers. There are several surprising findings ...

Our 2018 professional open source survey report is now available

By Keenan Szulik on July 17, 2018
Earlier this year, we launched our first professional open source survey. Our goal? To gain deeper perspective about what can be done to make open ...

How much would professional users pay for supported open source? Survey results part 4

By Keenan Szulik on May 15, 2018
Earlier this year, we launched our first professional open source survey. Our goal? To gain deeper perspective about what can be done to make open ...

Don't miss the latest from Tidelift

Filter by Topic

See All