
Featured

xz, Tidelift, and paying the maintainers

Late last week, a developer noticed some unusual behavior on their computer, investigated it, and uncovered a hack of epic scope, in an obscure but ...
By Luis Villa on April 2, 2024

In a shocker, paid maintainers do more security and maintenance work than unpaid maintainers

By Chris Grams on May 16, 2023
In late 2022, Tidelift fielded its second survey of open source maintainers. Hundreds of maintainers responded with thoughts about getting paid for ...

2023 predictions webinar recap: What is the open source software supply chain and what will government requirements mean for you?

By Caitlin Bixby on January 26, 2023
Last week, Tidelift co-founders Donald Fischer and Luis Villa sat down with a panel of industry thought leaders including RedMonk analysts Stephen ...

Webinar: What do open source industry experts predict for OSS in 2023?

By Caitlin Bixby on January 3, 2023
After a year full of open source supply chain news—from government advisories to the hot topic of AI and open source—Tidelift discusses the outlook ...

Tidelift completes SOC 2 Type 2 examination

By Jeremy Katz on August 16, 2022
Security reigns supreme here at Tidelift. Because we are in the business of helping your organization ensure its supply chain is secure and ...

Why scanning isn't enough

By Cameron Miller on March 31, 2020
Developers today can choose from millions of free open source components, enabling them to build applications faster than ever before. But with great ...

Verifying upstream maintainers could help prevent supply-chain compromises

By John Marcus III on March 10, 2020
In modern application development, open source is everywhere. In fact, 92% of professional application teams report that they leverage open source ...

The Tidelift approach to securing open source dependencies

By Jeremy Katz on November 21, 2019
If your team is like most modern application development teams, you are using a core of 70-80% open source components in your application. For good ...

The current state of two-factor authentication across package managers

By Tieg Zaharia on July 23, 2019
Recently at Tidelift we started asking our partnered maintainers (we call them “lifters”) to confirm that they have Two-Factor Authentication (2FA) ...

VICE Motherboard on the business of funding open source development

By Donald Fischer on February 19, 2019
Daniel Oberhaus at VICE Motherboard published an extensive essay last week delving into the history and future of open source development. It’s a ...
