Resources

Watch this webinar when Lauren will go over the ways to reduce your organizations reliance on “bad” open source packages and will review what “bad” open source package really means.

An overview of IDC research and current recommendations for application development and security leaders to improve open source resilience and reduce risk

The explosive details about the recent xz utils backdoor hack, in which a volunteer open source maintainer was manipulated over a period of years into giving commit access to their project, have sent shudders across all open source communities.

Gartner’s Hype Cycle reports are meant to help understand the commercial viability of and maturity timeline of new technology trends.

As part of an open source software strategy, organizations are increasingly hosting curated OSS package management and artifact repositories internally to mitigate risk and reduce developer friction.

Guest speaker IDC Research Director Jim Mercer shares insights from recent IDC research into how organizations can safely and effectively use open source for building applications.

Learn how to proactively reduce security risk from bad open source packages and use open source with confidence with the Tidelift Subscription.

The easiest way to avoid having to replace problematic open source dependencies is to not bring them in at all. Learn more in our newest inforgraphic.

Hundreds of maintainers responded with thoughts about how they fund their work, what they enjoy about being a maintainer, what they don’t like so much, along with a host of other interesting insights.

Hear from a Tidelift customer who worked with Tidelift and its maintainer partners to save time and money while strengthening the resilience of the open source powering their applications.

Maintainer Jeffrey A. Clark used income from Tidelift and its customers to significantly improve security practices used to maintain Pillow, a popular Python Image Library package downloaded 3 million times a day.

Maintainer Tatu Saloranta used income from Tidelift and its customers to completely rearchitect jackson-databind and eliminate the risk of RCE vulnerabilities.

Hundreds of maintainers responded with thoughts about how they fund their work, what they enjoy about being a maintainer, what they don’t like so much, along with a host of other interesting insights.

Tidelift fielded our annual survey of technologists—including software developers, engineering executives and managers, architects, and devops pros—who build applications with open source.

In early 2021, Tidelift fielded its first-ever comprehensive survey of open source maintainers.

Watch this demo to learn how eliminating bad open source packages can lead to lowering security risks, improving productivity, improving application quality, and increasing operational efficiency.

The explosive details about the recent xz utils backdoor hack, in which a volunteer open source maintainer was manipulated over a period of years into giving commit access to their project, have sent shudders across all open source communities.

Watch this quick demo to learn how Tidelift can help your organization generate software bills of materials (SBOMs) and implement open source usage and management standards consistently across development teams.

Luis Villa of Tidelift joins the show to discuss GitHub Copilot and the implications of an AI pair programmer from a legal perspective.

How do you define open source software? What are the challenges an open source project and maintainers face?

In this episode we’re shinning our maintainer spotlight on Ned Batchelder.

What we got wrong about crypto, what we might get right about AI video

In this week’s episode of the Upstream podcast, Luis Villa sits with Annie Rauwerda of Depths of Wikipedia and Sumana Harihareswara, stand-up comedian and founder of Changeset Consulting.

In this week’s episode of the Upstream podcast, Luis Villa sits with Kellan Elliot-McCrea of Adobe and Adam Jacon, CEO of System Initiative. Should software development teams be a team sport or an orchestra rather than a factory?