Featured

2023 predictions webinar recap part 1: What is the open source software supply chain and what will government requirements mean for you?

Last week, Tidelift co-founders Donald Fischer and Luis Villa sat down with a panel of industry thought leaders including RedMonk analysts Stephen ...
By Caitlin Bixby on January 26, 2023

Webinar: What do open source industry experts predict for OSS in 2023?

By Caitlin Bixby on January 3, 2023
After a year full of open source supply chain news—from government advisories to the hot topic of AI and open source—Tidelift discusses the outlook ...

Tidelift completes SOC 2 Type 2 examination

By Jeremy Katz on August 16, 2022
Security reigns supreme here at Tidelift. Because we are in the business of helping your organization ensure its supply chain is secure and ...

Why scanning isn't enough

By Cameron Miller on March 31, 2020
Developers today can choose from millions of free open source components, enabling them to build applications faster than ever before. But with great ...

Verifying upstream maintainers could help prevent supply-chain compromises

By John Marcus III on March 10, 2020
In modern application development, open source is everywhere. In fact, 92% of professional application teams report that they leverage open source ...

The Tidelift approach to securing open source dependencies

By Jeremy Katz on November 21, 2019
If your team is like most modern application development teams, you are using a core of 70-80% open source components in your application. For good ...

The current state of two-factor authentication across package managers

By Tieg Zaharia on July 23, 2019
Recently at Tidelift we started asking our partnered maintainers (we call them “lifters”) to confirm that they have Two-Factor Authentication (2FA) ...

VICE Motherboard on the business of funding open source development

By Donald Fischer on February 19, 2019
Daniel Oberhaus at VICE Motherboard published an extensive essay last week delving into the history and future of open source development. It’s a ...

Event-stream: 100 million downloads, unmaintained, hacked. Now can we pay the !@#$% maintainers?

By Keenan Szulik on November 27, 2018
Late last week, users of the popular JavaScript library event-stream discovered a vulnerability in the package caused by a malicious actor who had ...

Who supports React? That depends on what you mean

By Keenan Szulik on August 14, 2018
React is a popular JavaScript library for building user interfaces. First deployed on Facebook's news feed in 2011 and then on Instagram in 2012, it ...