Remove the risk to your organization's revenue, data, and customers from bad open source packages.
Resources
White Paper
xz backdoor hack: What government agencies need to know
News, perspectives, and recommendations for application development teams dealing with the xz utils backdoor hack.
Virtual Event
Upstream: A Tidelift expedition
Join us on June 5th for a 100% virtual, completely free event bringing together like-minded application development teams, open source project maintainers, and the extended network of people who care most about their work.
Video
Tidelift VP of Public Sector Robert Wickham on open source and innovation with Fed Gov Today
At DoDIIS 2023 Tidelift VP of Public Sector Robert Wickham sat down with Francis Rose at Fed Gov Today to discuss open source and its role in public sector
The value of a proactive approach to open source application security for government agencies
Large enterprise customers have found a new way to proactively reduce software security risk and strengthen the resilience of the open source powering their applications. This is the story of one such customer, who worked with Tidelift and its maintainer partners to save time and money.
Guide
The guide to managing open source software risk with Tidelift
This guide helps your teams develop an effective strategy for maintaining the health and security of your organization’s open source software supply chain.
White Paper
10 questions you should answer before using a new open source project
The easiest way to avoid having to replace problematic open source dependencies is to not bring them in at all. Here are 10 questions you should answer before depending on an open source project.
Tidelift guide to U.S. government cybersecurity requirements
Learn what application development teams using open source need to know about U.S. government cybersecurity guidelines and how to stay in compliance.
Case Story
EMPLOYERS® insurance works with Tidelift to improve technical hygiene and remediate the Log4Shell vulnerability
This case study shares how EMPLOYERS® insurance works with Tidelift to improve technical hygiene and remediate the Log4Shell vulnerability.
Report
The 2023 Tidelift state of the open source maintainer report
Almost 60% of maintainers have quit, or considered quitting, and many are on the brink of burnout. This is especially relevant in light of the recent xz utils backdoor hack.
The Tidelift maintainer advantage: How maintainer Jordan Harband saved the popular minimist JavaScript package from deletion
Maintainer Jordan Harband saved the popular minimist JavaScript project from deletion when its previous maintainer decided to delete their projects from GitHub.
Webinar
Defense in depth: How to use Tidelift alongside your other SCA tool
Many of our customers are using Tidelift and one or more SCA tools together as part of what we call a “defense in depth” strategy, where SCA handles reactively detecting security vulnerabilities and Tidelift handles proactively improving the health and security of your open source software supply chain.
White Paper
Open source management and policy compliance whitepaper
The U.S. government has announced a new requirement that will mandate that its software suppliers self-attest that they follow the secure software development practices outlined in the NIST Secure Software Development Framework (SSDF). Here are the details you should know.
Keynote: Software transparency: SBOM in a world built on open source
Allan Friedman, senior advisor and strategist at CISA, shares the state of software bills of materials (SBOMs), how SBOMs apply to open source security, and what comes next.