Sponsor: Tidelift

In early 2021, Tidelift fielded its first-ever comprehensive survey of open source maintainers. Nearly 400 maintainers responded with thoughts about how they fund their work, what they enjoy about being a maintainer, what they don’t like so much, along with a host of other interesting insights.

Over the following pages, we’ll share nine of the most interesting findings with you.

In this Upstream chat, Tracy Bannon from MITRE joined us to discuss why it took so long, what is happening now that will help organizations positively impact their own security preparedness, and how we can bring forward good ideas and warnings in the future.

She discussed how to talk about risk profile and ways organizations can force-rank priorities. She also discussed why it’s important to reduce cognitive load on the development teams and why it’s important to offload some tasks onto trusted vendors.

Tidelift CEO and co-founder Donald Fischer then joined the discussion and explained how all this applies to open source software specifically. Donald and Tracy discussed the recently disclosed security vulnerability in the Apache log4j project, which has been dubbed “Log4Shell”, why it’s important to address quickly, how to address it, and how to better prepare for future vulnerabilities. You won't want to miss this.

Log4j is a popular library for logging things in Java applications. Practically every organization that uses Java (Maven/Gradle) uses Log4j and has likely been impacted by the log4shell vulnerability.

In this 20-minute briefing, Tidelift solutions architect lead Mark Galpin shares what you need to know about the recent Log4Shell vulnerability—and demos how Tidelift can help.

Mark breaks down the current situation and shares tips for remediating the issue. You won't want to miss this.

In early 2021, Tidelift fielded its first-ever comprehensive survey of open source maintainers. Nearly 400 maintainers responded with thoughts about how they fund their work, what they enjoy about being a maintainer, what they don’t like so much, along with a host of other interesting insights.

Over the following pages, we’ll share nine of the most interesting findings with you.

A few months ago, the U.S. White House released cybersecurity executive order 14028, an attempt by the United States government to use its purchasing power to create positive changes to the way cybersecurity is addressed around the world.

Recent high profile breaches like the Colonial Pipeline ransomware attack or the SolarWinds software supply chain attack have shown that our cybersecurity defenses are woefully inadequate. This executive order forces a higher standard of cybersecurity for any organization selling software to the federal government, which in turn makes it the de facto global standard for all software in the future.

Tidelift CEO and co-founder Donald Fischer shares his perspective on how the cybersecurity executive order impacts software supply chain security. He’ll brief attendees on the key issues addressed by the executive order, including software bill of materials (SBOM), supply chain security, and provenance requirements. He’ll outline the gaps that most organizations will need to close in order to stay in compliance. And he’ll share a proactive approach to addressing open source software supply chain health and security upstream.

If you want to ensure your organization is fully prepared for the coming changes, you won’t want to miss this briefing.

When cooking for friends or family, many of us go out of the way to seek the freshest, tastiest ingredients possible. You may have favorite producers at the local farmers market, or brands from the grocery that you've come to know and trust. But when choosing the ingredients that make up our open source applications, we often bring in new libraries without any guarantees that they are safe and well maintained.

We wanted to distill the idea of managing open source down to something so simple, you could explain it to a child, so that’s why we wrote a children’s book about enterprise open source software management. Yes, we just used the phrases “children’s book” and “enterprise open source software” in the same sentence.

We call it Cooking with Tidelift, and it will show you how we can help you create catalogs of known-good, proactively maintained open source components to ensure your apps are as safe and healthy as they can be.

In early 2021, Tidelift fielded its first-ever comprehensive survey of open source maintainers. Nearly 400 maintainers responded with thoughts about how they fund their work, what they enjoy about being a maintainer, what they don’t like so much, along with a host of other interesting insights.

Over the following pages, we’ll share nine of the most interesting findings with you.

A few months ago, the U.S. White House released cybersecurity executive order 14028, an attempt by the United States government to use its purchasing power to create positive changes to the way cybersecurity is addressed around the world.

Recent high profile breaches like the Colonial Pipeline ransomware attack or the SolarWinds software supply chain attack have shown that our cybersecurity defenses are woefully inadequate. This executive order forces a higher standard of cybersecurity for any organization selling software to the federal government, which in turn makes it the de facto global standard for all software in the future.

Tidelift CEO and co-founder Donald Fischer shares his perspective on how the cybersecurity executive order impacts software supply chain security. He’ll brief attendees on the key issues addressed by the executive order, including software bill of materials (SBOM), supply chain security, and provenance requirements. He’ll outline the gaps that most organizations will need to close in order to stay in compliance. And he’ll share a proactive approach to addressing open source software supply chain health and security upstream.

If you want to ensure your organization is fully prepared for the coming changes, you won’t want to miss this briefing.

When cooking for friends or family, many of us go out of the way to seek the freshest, tastiest ingredients possible. You may have favorite producers at the local farmers market, or brands from the grocery that you've come to know and trust. But when choosing the ingredients that make up our open source applications, we often bring in new libraries without any guarantees that they are safe and well maintained.

We wanted to distill the idea of managing open source down to something so simple, you could explain it to a child, so that’s why we wrote a children’s book about enterprise open source software management. Yes, we just used the phrases “children’s book” and “enterprise open source software” in the same sentence.

We call it Cooking with Tidelift, and it will show you how we can help you create catalogs of known-good, proactively maintained open source components to ensure your apps are as safe and healthy as they can be.

The phrase “software supply chain” is making unlikely front-page headlines thanks to the breach impacting SolarWinds and its customers around the world. Meanwhile, open source continues to become a larger and larger part of application development, with our research showing that 92% of applications contain open source components.

So for organizations now seeing software supply chain health as a key imperative, tackling open source software supply chain health is more critical than ever.

During this short, 30-minute webinar our product team demonstrates how you can use the Tidelift Subscription as the heart of an effective open source supply chain management strategy.

In this webinar:

• We'll show you how to design a comprehensive strategy for managing open source usage across the organization.
• We’ll demonstrate Tidelift custom catalogs, including the ability to create, track, and manage catalogs of open source components and the policies that govern them across the organization.
• We'll explore how Tidelift-managed catalogs can give your organization a head start on building a paved path of approved components for development teams to use, similar to how the larges.