This week we released a new Tidelift company video that in 3 minutes articulates the problem Tidelift solves, how we solve it, and what makes us unique.

1️⃣ Problem: Using bad #opensource packages slows teams down and creates risk to organizations' revenue, data, and customers.
2️⃣ How Tidelift helps: Tidelift helps organizations proactively reduce their reliance on bad open source packages.
3️⃣ What makes us unique: We are the only company that partners with the #maintainers of 1000s of the most-relied-upon open source packages and pays them to make their packages healthier and more secure.

Watch it for yourself today! 📽 If you want to talk further with us about anything you see in the video, get in touch with us here: https://lnkd.in/gksz64h8
Tidelift
Software Development
Boston, MA 3,211 followers
Tidelift helps organizations effectively manage the open source behind modern applications.
About us
Tidelift helps organizations effectively manage the open source behind modern applications. Through the Tidelift Subscription, the company delivers a comprehensive management solution, including the tools to create customizable catalogs of known-good, proactively maintained components backed by Tidelift and its open source maintainer partners. Tidelift enables organizations to accelerate development and reduce risk when building applications with open source, so they can create even more incredible software, even faster.
- Website: http://tidelift.com
- Industry: Software Development
- Company size: 11-50 employees
- Headquarters: Boston, MA
- Type: Privately Held
- Founded: 2017
- Specialties: open source, open source software, open source software security, open source software management, and software supply chain security
Locations
- Primary: 50 Milk St, 16th Floor, Boston, MA 02109, US
Updates
-
Tidelift reposted this
Do you actively maintain one or more #opensource projects? If so, take a few minutes to complete the 2024 Tidelift maintainer survey! https://hubs.la/Q02FnYW10
-
Simply put: organizations should strive to work with and support #opensource maintainers to secure and maintain the open source software supply chain. It's been a month since Upstream and we're looking back at some of the highlights from our talks featuring esteemed guests and panelists discussing #opensource, the open source software supply chain, and open source software #security. In this featured clip, Aeva Black, Section Chief, Open Source Security at Cybersecurity and Infrastructure Security Agency (CISA), talks about how organizations can get started with improving their open source usage, including signing the Secure by Design Pledge. From Aeva: "...there are a lot of these new tools being developed to help surface up the trustworthiness of a project at a given point in time, based on, a lot of, again, volunteers working together to track and measure these relationships. And it's not foolproof, it's not perfect; there are bugs in all software. Open source is still just software. So like with any software, mistakes might happen, but through working together and maintaining those relationships, it's pretty darn good." We agree, it's pretty darn good. 👏 Watch the full talk here 👉 https://lnkd.in/gJztHSsz
-
Announcing the 2024 Tidelift state of the open source maintainer survey! 🎉 Do you actively maintain one or more #opensource projects? If so, we'd love to learn from you. All open source maintainers who fill out the survey will receive our brand new 2024 pay the maintainers t-shirt 👕 ‼️ Take the survey: https://bit.ly/3XK6qYF
-
Last month, we introduced the availability of #opensource package end-of-life data through the Tidelift Subscription—today we’re extending our end-of-life data capabilities with open source package version-level end-of-life data and enhanced reporting capabilities. These new features are designed to help Tidelift customers make informed decisions about prioritizing the work that has the most meaningful impact on lowering risks to their revenue, data, and business continuity.

What problems do packages declared as end-of-life present? 🤔 When a package or version has been declared end-of-life, any new vulnerabilities affecting the impacted packages and versions will no longer be addressed by the maintainers, leaving the burden of remediation entirely on the users.

What new functionality is Tidelift providing to address these challenges? 🛠️ With this latest update, Tidelift not only provides package version end-of-life data but also helps our customers understand the level of risk associated with using outdated versions. We equip customers with meaningful information such as:
- the number of applications utilizing the end-of-life version,
- the number of vulnerabilities actively affecting the end-of-life version,
- and the number of major and minor versions separating the end-of-life version from the latest supported version.

Learn more about this most recent update to the Tidelift Subscription in the latest post in the Tidelift blog by VP of Product, Lauren Hanford: https://bit.ly/4cALUhh
-
Tidelift maintainer partner Seth Michael Larson was featured in InformationWeek’s latest story on “Delving into the risks and rewards of the open source ecosystem.” 🎉 In it, author Carrie Pallardy stated, “Open-source software is inherently different than commercial software, but it will not serve enterprises to treat this ecosystem as a completely free resource that will always be there when they need it.” We couldn’t agree more. 👍 Seth added, “If we just continue to treat this as an infinite, extractive resource without contributing back, without doing something to maintain that, it will just end up causing a huge amount of churn.” The article highlights the need for enterprise organizations to include giving back to the #opensource community as part of their model for securing the open source in use at their companies. To read more of the discussion from Seth and others, the full article can be found on Information Week: https://lnkd.in/gKY6RsBF
-
Tidelift reposted this
Pillow, the ubiquitous image processing library for #Python, is on the security front-lines due to the large amount of parsing code handling untrusted inputs every day. It's excellent to hear that Pillow's security posture matches its security-sensitive use-cases thanks to support from Tidelift! #security #supplychain #supplychainsecurity #oss #opensource
I love sharing stories about what open source maintainers are able to do to make their projects healthier and more secure with the income they receive from Tidelift and our customers. Today, I'm sharing a newly released story written by Caitlin Bixby about Pillow, a popular Python project led by Jeffrey Clark (Alex). From the story: “Getting paid in 2019 with Tidelift was like getting a record deal. I made it,” said Alex. Not only was Alex receiving pay, with help from Tidelift and its paying customers, he’s now able to make sure that his security co-maintainer, Eric, gets paid as well. One of the biggest benefits Tidelift customers get in return for investing in the work of the Pillow maintainer team is better documentation around security issues. Prior to receiving income, the Pillow team wasn’t able to invest any time in documenting security issues. Now that has changed for the better. Even more importantly, security has become part of the normal process for doing business for the Pillow team, now that they are being paid to put in place and document the project’s secure software development practices. The team has made numerous upgrades to their security processes, including documenting security fixes, and with tooling provided by Tidelift, it’s become much more streamlined to tackle security issues with Tidelift’s help. “Tidelift is doing a huge part of the unpleasant stuff that, if I actually had to do this, I would probably be a whole different person. Having a partner in the stuff that is serious is very helpful.” Thanks, Alex, we appreciate your work so much!! ❤️ https://lnkd.in/gP2RKbtw
How a popular Python project established a documented and streamlined security process
explore.tidelift.com
-
Tidelift reposted this
Missed the Tidelift Upstream event? You can watch them on demand now! Particularly my great discussion with Donald Fischer is available now, where we talk about patch management needing a revolution! https://lnkd.in/gf2fsPd7
Upstream 2024 | Patch management needs a revolution
https://www.youtube.com/
-
Aaaand that’s a wrap! 👏 #Upstream2024 has come to a close. We’re incredibly thankful for all those who attended and for those who gave their time to present on some amazing topics. 🧡 Did you miss out on Upstream? No worries! We’ve got it handled. All talks are on-demand: https://bit.ly/3V8K8gf
-
Our much anticipated #Upstream2024 maintainer state of the union is starting now! 📣 Hear from Tatu Saloranta of jackson-databind; Wesley Beary, who maintains popular Ruby projects fog and excon; Irina Nazarova of Evil Martians and Valeri Karpov, from Mongoose, who will discuss the state of life as an #opensourcemaintainer in 2024. Join the conversation: https://bit.ly/3Vq0Uc8