Tidelift

This week we released a new Tidelift company video that in 3 minutes articulates the problem Tidelift solves, how we solve it, and what makes us unique. 1️⃣ Problem: Using bad #opensource packages slows teams down and creates risk to organizations' revenue, data, and customers. 2️⃣ How Tidelift helps: Tidelift helps organizations proactively reduce their reliance on bad open source packages. 3️⃣ What makes us unique: We are the only company that partners with the #maintainers of 1000s of the most-relied-upon open source packages and pays them to make their packages healthier and more secure. Watch it for yourself today! 📽 If you want to talk further with us about anything you see in the video, get in touch with us here: https://lnkd.in/gksz64h8

Do you actively maintain one or more #opensource projects? If so, take a few minutes to complete the 2024 Tidelift maintainer survey! https://hubs.la/Q02FnYW10

Simply put: organizations should strive to work with and support #opensource maintainers to secure and maintain the open source software supply chain. It's been a month since Upstream and we're looking back at some of the highlights from our talks featuring esteemed guests and panelists discussing #opensource, the open source software supply chain, and open source software #security. In this featured clip, Aeva Black, Section Chief, Open Source Security at Cybersecurity and Infrastructure Security Agency (CISA), talks about how organizations can get started with improving their open source usage, including signing the Secure by Design Pledge. From Aeva: "...there are a lot of these new tools being developed to help surface up the trustworthiness of a project at a given point in time, based on, a lot of, again, volunteers working together to track and measure these relationships. And it's not foolproof, it's not perfect; there are bugs in all software. Open source is still just software. So like with any software, mistakes might happen, but through working together and maintaining those relationships, it's pretty darn good. " We agree, it's pretty darn good. 👏 Watch the full talk here 👉 https://lnkd.in/gJztHSsz

Announcing the 2024 Tidelift state of the open source maintainer survey! 🎉 Do you actively maintain one or more #opensource projects? If so, we'd love to learn from you. All open source maintainers who fill out the survey will receive our brand new 2024 pay the maintainers t-shirt 👕 ‼️ Take the survey: https://bit.ly/3XK6qYF

Last month, we introduced the availability of #opensource package end-of-life data through the Tidelift Subscription—today we’re extending our end-of-life data capabilities with open source package version-level end-of-life data and enhanced reporting capabilities. These new features are designed to help Tidelift customers make informed decisions about prioritizing the work that has the most meaningful impact on lowering risks to their revenue, data, and business continuity. What problems do packages declared as end-of-life present? 🤔 When a package or version has been declared end-of-life, any new vulnerabilities affecting the impacted packages and versions will no longer be addressed by the maintainers, leaving the burden of remediation entirely on the users. What new functionality is Tidelift providing to address these challenges? 🛠️ With this latest update, Tidelift not only provides package version end-of-life data but also helps our customers understand the level of risk associated with using outdated versions. We equip customers with meaningful information such as: • the number of applications utilizing the end-of-life version • the number of vulnerabilities actively affecting the end-of-life version, • and the number of major and minor versions separating the end-of-life version from the latest supported version. Learn more about this most recent update to the Tidelift Subscription in the latest post in the Tidelift blog by VP of Product, Lauren Hanford: https://bit.ly/4cALUhh

Tidelift maintainer partner Seth Michael Larson was featured in InformationWeek’s latest story on “Delving into the risks and rewards of the open source ecosystem.” 🎉 In it, author Carrie Pallardy stated, “Open-source software is inherently different than commercial software, but it will not serve enterprises to treat this ecosystem as a completely free resource that will always be there when they need it.” We couldn’t agree more. 👍 Seth added, “If we just continue to treat this as an infinite, extractive resource without contributing back, without doing something to maintain that, it will just end up causing a huge amount of churn.” The article highlights the need for enterprise organizations to include giving back to the #opensource community as part of their model for securing the open source in use at their companies. To read more of the discussion from Seth and others, the full article can be found on Information Week: https://lnkd.in/gKY6RsBF

Pillow, the ubiquitous image processing library for #Python, is on the security front-lines due to the large amount of parsing code handling untrusted inputs every day. It's excellent to hear that Pillow's security posture matches it's security-sensitive use-cases thanks to support from Tidelift! #security #supplychain #supplychainsecurity #oss #opensource

Missed the Tidelift Upstream event? You can watch them on demand now! Particularly my great discussion with Donald Fischer is available now, where we talk about patch management needing a revolution! https://lnkd.in/gf2fsPd7

Aaaand that’s a wrap! 👏 #Upstream2024 has come to a close. We’re incredibly thankful for all those who attended and for those who gave their time to present on some amazing topics. 🧡 Did you miss out on Upstream? No worries! We’ve got it handled. All talks are on-demand: https://bit.ly/3V8K8gf

Our much anticipated #Upstream2024 maintainer state of the union is starting now! 📣 Hear from Tatu Saloranta of jackson-databind; Wesley Beary, who maintains popular Ruby projects fog and excon; Irina Nazarova of Evil Martians and Valeri Karpov, from Mongoose, who will discuss the state of life as an #opensourcemaintainer in 2024. Join the conversation: https://bit.ly/3Vq0Uc8