RSVP: How to build a sound OSS management strategy
💪
For maintainers
Log in
Product
Overview
Solutions
Scope of support
Pricing
SCHEDULE DEMO
Resources
All Resources
Log4Shell
Guides & Reports
Webinars
Surveys
Analysts
Documentation
Videos
Blog
Partnerships
Podcasts
Events
LOG4SHELL RESOURCES
About
About Tidelift
Press
Contact Us
JOIN THE TIDELIFT TEAM
Blog
SCHEDULE DEMO
Featured
Tidelift advisory: New White House OMB guidance impacts organizations building apps with open source
Yesterday, the U.S. government’s Office of Management and Budget (part of the Executive Office of the President) released memorandum M-22-18 on ...
by
Donald Fischer
on September 15, 2022
New NSA, CISA, ODNI best practices for securing the open source software supply chain
By
Donald Fischer
on September 6, 2022
Last week, in a response to the ever-growing list of software supply chain attacks (SolarWinds and Log4Shell specifically), the U.S. National ...
Thinking upstream about the White House cybersecurity executive order 14028
By
Donald Fischer
on May 19, 2021
The upstream parable Stop me if you’ve heard this one before.
Filter by Topic
Managed open source
(57)
Lifters
(53)
Maintainers
(49)
Events
(37)
Data
(27)
Dependencies
(25)
NPM
(25)
Open Source Software
(25)
Developers
(24)
Subscription
(24)
Sustainability
(22)
the Tidelift Subscription
(22)
JavaScript
(21)
Licensing
(21)
open source licenses
(20)
Lifter Interview
(19)
Upstream
(19)
Packages
(18)
Python
(17)
Pay the Maintainers
(15)
Package Managers
(14)
Security
(13)
Survey
(13)
Vue
(13)
Libraries.io
(12)
Log4Shell
(12)
Open source supply chain solutions
(11)
2020 managed open source survey
(10)
Java
(10)
Log4j vulnerability
(10)
Maven
(10)
Package Management
(10)
Teamwork
(10)
Tidelift catalogs
(10)
log4j
(10)
AWS
(9)
PyPI
(9)
2019 managed open source survey
(8)
Free trial
(8)
jfrog
(8)
open source supply chain
(8)
webinar
(8)
Apache Log4j2 <=2.14.1
(7)
PHP
(7)
Product updates
(7)
Intro to managed open source
(6)
Metrics
(6)
White House executive order 14028
(6)
cybersecurity
(6)
rubygems
(6)
Interface
(5)
Ruby
(5)
VueConf
(5)
VueJS
(5)
Vuetify
(5)
remote work
(5)
software supply chain
(5)
2021 maintainer survey
(4)
AWS:reinvent
(4)
Financial services
(4)
GitHub
(4)
Linux
(4)
Packagist
(4)
The 2021 Tidelift open source maintainer survey
(4)
devops
(4)
podcast
(4)
remote team
(4)
sBOMs
(4)
supply chain attacks
(4)
urllib3
(4)
Application Development
(3)
Bloomberg
(3)
COVID-19
(3)
Changelog
(3)
Dependency hell
(3)
FinTech
(3)
Forrester
(3)
Gartner
(3)
Good docs
(3)
Google
(3)
Government
(3)
Hacker
(3)
How to
(3)
IDC
(3)
Maintenance
(3)
MongoDB
(3)
Mongoose
(3)
Open Source Initiative
(3)
Package manager
(3)
Project Lombok
(3)
Pupdates
(3)
Python Software Foundation
(3)
React
(3)
The Python Software Foundation
(3)
Tidelift-managed catalogs
(3)
White House executive order
(3)
copyleft licenses
(3)
dependency health
(3)
ethical open source licenses
(3)
funding
(3)
open source scanning tools
(3)
open source support
(3)
recession
(3)
2020 survey
(2)
2FA
(2)
451 Research
(2)
Artifactory
(2)
Babel
(2)
Community
(2)
Enterprise
(2)
GNU Public License
(2)
GitLab Commit
(2)
Golang
(2)
Gulp JS
(2)
Hippocratic (aka Do No Harm) License
(2)
Hiring
(2)
Laravel
(2)
Maintainer Week
(2)
Material-UI
(2)
NumFocus
(2)
NumPy
(2)
NuxtJS
(2)
PSF
(2)
Productivity
(2)
PyCon
(2)
Red Hat
(2)
SCA tools
(2)
Server Side Public License
(2)
SolarWinds
(2)
Tidelift advisory
(2)
Two Factor Authentication
(2)
Vulnerabilities
(2)
Webpack
(2)
ajv
(2)
catalogs
(2)
commercial assurance
(2)
composer
(2)
cooking with tidelift and jfrog
(2)
copyleft
(2)
critical vulnerability
(2)
cyber safety review board
(2)
diversity
(2)
documentation
(2)
eslint
(2)
known-good open source
(2)
managing open source
(2)
nodejs
(2)
open source contributions
(2)
open source software supply chain
(2)
open source software support
(2)
pandas
(2)
security vulnerability
(2)
software bills of materials
(2)
swampup
(2)
2021 survey
(1)
996.icu
(1)
996.icu license
(1)
AGPL
(1)
AGPL v3
(1)
APIs
(1)
Active Admin
(1)
Apache License
(1)
Beautiful Soup
(1)
Blue Oak Model License
(1)
Browserify
(1)
Bundler
(1)
Byte Buddy
(1)
CHIME
(1)
CLI
(1)
CSRB
(1)
CVE
(1)
CVE-2022-22965
(1)
Carbon
(1)
Careers
(1)
Commercial Open Source Software
(1)
Community health files
(1)
CommunityBridge
(1)
Contributing to open source
(1)
Cryptographic Autonomy License
(1)
DXY.cn
(1)
Dependency analyzer
(1)
DevOps Enterprise Summit
(1)
Devopsdays
(1)
Digital Ocean
(1)
Digital transformation
(1)
Django
(1)
DjangoCon
(1)
ECMAScript 5
(1)
ED&I
(1)
Elastic
(1)
Evil Martians
(1)
Fannie Mae
(1)
Fidelity Investments
(1)
Free Software Foundation
(1)
GPL
(1)
GPL v3
(1)
Girls Who Code
(1)
GitHub Marketplace
(1)
GitHub Satellite
(1)
Global Maintainer Summit
(1)
Hacktoberfest
(1)
Jade
(1)
Legal
(1)
Lerna project
(1)
License Zero
(1)
Lifter help
(1)
Lighthouse PHP
(1)
Locale.ai
(1)
MITRE
(1)
Maintainerati
(1)
Microsoft
(1)
Mockito
(1)
Nuxt
(1)
OSCON
(1)
OSI
(1)
OSPO
(1)
OSPOCON
(1)
OSS
(1)
Open Source Leadership Summit
(1)
OpenJS Collaborator Summit
(1)
Oracle
(1)
Path-to-RegExp
(1)
Penciljs
(1)
Pillow
(1)
Pug JS
(1)
Pupdate
(1)
Pylint
(1)
Pyparsing
(1)
QCon
(1)
Ramda Adjunct
(1)
React-Native
(1)
Research
(1)
Ruby Together
(1)
Rust
(1)
SOC 2 Type 2
(1)
SOC2
(1)
SSPL
(1)
SciPy
(1)
SerenityJS
(1)
Slack
(1)
Slim Framework
(1)
Spring
(1)
Spring MVC
(1)
Spring WebFlux
(1)
Spring framework
(1)
StandardJS
(1)
Stratus Digital Systems
(1)
Sudo Show
(1)
SugarCRM
(1)
Symfony
(1)
TC39
(1)
TFiR
(1)
Techstrong Con
(1)
Tools
(1)
USGS
(1)
Underscore
(1)
University of Michigan
(1)
Upstream thinking
(1)
Vue 3
(1)
Vue vs React
(1)
What is a package manager
(1)
agile
(1)
ama
(1)
analyst firm
(1)
anti-carbon license
(1)
array flatten
(1)
artifacts
(1)
autoprefixer
(1)
backbone
(1)
backend framework
(1)
burnout
(1)
byebug
(1)
cadence shear
(1)
case study
(1)
code health
(1)
command line integration
(1)
contributor
(1)
coordinated security vulnerability disclosure
(1)
coronavirus
(1)
curl
(1)
data science
(1)
decentralized internet
(1)
demo
(1)
docs advocacy
(1)
es5-shim
(1)
event
(1)
finos
(1)
formidable
(1)
google monorepo
(1)
grape
(1)
halfnium microsoft exchange
(1)
inclusion
(1)
json
(1)
keynote
(1)
lock files
(1)
mental health
(1)
nist
(1)
no-negotiation policy
(1)
nuget
(1)
o'reilly
(1)
observability
(1)
open source management
(1)
open source security standards
(1)
open source strategy forum
(1)
open source summit
(1)
opencore
(1)
package health
(1)
package invalidation
(1)
package manifests
(1)
package selection
(1)
package signing
(1)
php html parser
(1)
phpstan
(1)
pluralize
(1)
polyfills
(1)
postcss
(1)
react-native-camera
(1)
reactivity
(1)
redmonk
(1)
repo
(1)
repo attacks
(1)
requests
(1)
rights ratchet
(1)
ruby grape
(1)
software architects
(1)
software engineers
(1)
supply-chain compromises
(1)
swift
(1)
tech books
(1)
the Apache Foundation
(1)
the Flarum Foundation
(1)
the Linux Foundation
(1)
the Polyform Project
(1)
third_party_prefix
(1)
unfunded mandates
(1)
vue 2
(1)
vue catalog
(1)
vuesax
(1)
websockets
(1)
wordpress
(1)
working at Tidelift
(1)
zero day exploit
(1)
zero day exploits
(1)
zero-day fire drill
(1)
See All
