<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=705633339897683&amp;ev=PageView&amp;noscript=1">

Upstream 2024: key findings and solutions for the usual open source problems

Amy Hays
by Amy Hays
on June 5, 2024

Don't miss the latest from Tidelift

Thank you to everyone who joined us at Upstream yesterday! This was our fourth year hosting this expedition upstream to connect the people who make open source with those who use it. 

Over 700 of you attended live, and we had special guests filtering in through the hallway throughout the day including Katherine Druckman from Intel, prolific maintainer Jordan Harband, Josh Bressers of Anchore, the Apache Foundation’s Gary Gregory, Val Karpov of Mongoose, open source thought leader Ashley Williams, maintainer Wesley Beary, and Seth Larson of urllib3. Thank you all for joining!

Let's do a quick recap of the actual sessions, shall we? 🤗

🌇 Tidelift co-founder Luis Villa kicked off the day by introducing this year’s theme, “unusual solutions to solve the usual problems” around open source health and security:

“The usual problem is a classic collective action problem. It results from a lot of individually very reasonable decisions, which compounded into a size none of us could fully have predicted when we started down this road.”

💸 Frank Nagle, assistant professor at Harvard Business School, then joined Luis, in our first fireside chat of the day, and talked about a recent paper Frank co-authored where he estimated the value of the world’s open source infrastructure at $8.8 trillion dollars.  

🤕 Vincent Danen, VP of Product Security at Red Hat, sat down with Tidelift co-founder and CEO, Donald Fischer, and made the case that our current system of patch management is in desperate need of a revolution (and he shared what a better approach focused on risk mitigation might look like). 

🗽 Aeva Black and Jack Cable, from CISA (the U.S. Cybersecurity Infrastructure and Security Agency), chatted with Tidelift CEO and co-founder Donald Fischer about the industry-wide effort they are leading to make security by design a core business requirement in products versus an aftermarket technical feature. Check out their discussion.

🍁 Aisha Gautreau, OSPO lead at a large Canadian telecommunications company, sat down with Tidelift VP of product, Lauren Hanford, and shared the journey of building an open source program office and what advantages it has created for them so far.

👨‍💻 We ended the day with our annual tradition, the state of the maintainer panel. Tatu Saloranta of jackson-databind, Wesley Beary, who maintains popular Ruby projects fog and excon, Irina Nazarova of Evil Martians, and Valeri Karpov, Mongoose maintainer, discussed what the life of a maintainer is like in 2024. 

There were so many good sessions, but we couldn't fit them all in this one email. All the sessions are on-demand!  

Watch now

Thank you to all of our partners who helped support Upstream this year: Carahsoft, Open Source Initiative, the Python Software Foundation, Dev, BlackIce Solutions, Read the Docs, Ethical Ads, NUMFocus, Anchore, Medcrypt, and Changelog!

New call-to-action