Cool Vendors in Software Engineering: Enhancing Developer Productivity
Tidelift is recognized as a Cool Vendor
We're excited to share that Tidelift has been named as a Cool Vendor in the 2022 Gartner® Cool Vendors™ in Software Engineering: Enhancing Developer Productivity report.
The report is designed to highlight interesting, new and innovative vendors, products and services.
From the report:
"Software engineers struggle to navigate complex code environments and to improve security of the systems they build while remaining productive. These Cool Vendors offer innovative solutions that help software engineering leaders boost developer productivity and mitigate security risks."
Cooking with Tidelift
When cooking for friends or family, many of us go out of our way to seek the freshest, tastiest ingredients possible. You may have favorite producers at the local farmers market, or brands from the grocery store that you've come to know and trust. But when choosing the ingredients that make up our open source applications, we often bring in new libraries without any guarantees that they are safe and well maintained.
We wanted to distill the idea of managing open source down to something so simple, you could explain it to a child, so that’s why we wrote a children’s book about enterprise open source software management. Yes, we just used the phrases “children’s book” and “enterprise open source software” in the same sentence.
We call it Cooking with Tidelift, and it will show you how we can help you create catalogs of known-good, proactively maintained open source components to ensure your apps are as safe and healthy as they can be.
The Tidelift Guide to Managing Open Source
The best way to get the most out of open source? Ensure the organization has a comprehensive strategy for managing open source in place.
In this guide, you will learn:
- Why open source software is the modern application development platform, and why developers love open source software.
- The areas in which unmanaged open source drains productivity and increases risk.
- How to understand, design, build, and transform your organization's approach to managing open source components.
The 2022 Open Source Software Supply Chain Survey Report
In this year’s survey, we learned how current events like the SolarWinds and Log4Shell software supply chain exploits and new government initiatives like the White House executive order on improving the nation’s cybersecurity are changing the way organizations manage open source.
We explored the most urgent challenges development teams face when building applications with open source. We collected data regarding how confident technologists are in their organizations’ current open source management practices, and in the open source components and languages they use more generally. Finally, we dove deep into several open source management best practices, including the use of software bills of materials (SBOMs) and repositories of approved open source components.
Log4Shell, Open Source Maintenance, And Why SBOMs Are Critical Now
Tidelift CEO and co-founder Donald Fischer and guest speaker Forrester Principal Analyst Sandy Carielli discussed some of the key lessons organizations can learn from Log4Shell along with some critical recommendations organizations can use to prepare for handling similar issues down the road.
Sandy and Donald talked about how enterprise organizations should:
- Use software bills of materials to better understand and manage their open source software supply chain.
- Enhance their visibility of the open source components being used and the associated transitive dependencies.
- Focus on proactive open source maintenance and how to better prepare their teams to quickly mitigate the risk of future vulnerabilities.
- Consider the role open source maintainers play in risk planning and mitigation.
The 2021 Tidelift Open Source Maintainer Survey
In early 2021, Tidelift fielded its first-ever comprehensive survey of open source maintainers. Nearly 400 maintainers responded with thoughts about how they fund their work, what they enjoy about being a maintainer, what they don’t like so much, along with a host of other interesting insights.
Over the following pages, we’ll share nine of the most interesting findings with you.
OSS Supply Chain Security and How to Help Your Overburdened Dev Team
In this Upstream chat, Tracy Bannon from MITRE joined us to discuss why it took so long, what is happening now that will help organizations positively impact their own security preparedness, and how we can bring forward good ideas and warnings in the future.
She discussed how to talk about risk profile and ways organizations can force-rank priorities. She also discussed why it’s important to reduce cognitive load on the development teams and why it’s important to offload some tasks onto trusted vendors.
Tidelift CEO and co-founder Donald Fischer then joined the discussion and explained how all this applies to open source software specifically. Donald and Tracy discussed the recently disclosed security vulnerability in the Apache log4j project, which has been dubbed “Log4Shell”, why it’s important to address quickly, how to address it, and how to better prepare for future vulnerabilities. You won't want to miss this.
Everything You Need to Know About the Log4Shell Vulnerability
Log4j is a popular logging library for Java applications. Practically every organization that uses Java (Maven/Gradle) uses Log4j and has likely been impacted by the Log4Shell vulnerability.
In this 20-minute briefing, Tidelift solutions architect lead Mark Galpin shares what you need to know about the recent Log4Shell vulnerability—and demos how Tidelift can help.
Mark breaks down the current situation and shares tips for remediating the issue. You won't want to miss this.
Thinking Upstream About White House Cybersecurity Order 14028
A few months ago, the U.S. White House released cybersecurity executive order 14028, an attempt by the United States government to use its purchasing power to create positive changes to the way cybersecurity is addressed around the world.
Recent high-profile breaches like the Colonial Pipeline ransomware attack or the SolarWinds software supply chain attack have shown that our cybersecurity defenses are woefully inadequate. This executive order forces a higher standard of cybersecurity on any organization selling software to the federal government, which in turn makes it the de facto global standard for all software in the future.
Tidelift CEO and co-founder Donald Fischer shares his perspective on how the cybersecurity executive order impacts software supply chain security. He’ll brief attendees on the key issues addressed by the executive order, including software bill of materials (SBOM), supply chain security, and provenance requirements. He’ll outline the gaps that most organizations will need to close in order to stay in compliance. And he’ll share a proactive approach to addressing open source software supply chain health and security upstream.
If you want to ensure your organization is fully prepared for the coming changes, you won’t want to miss this briefing.
Take control of your open source supply chain with Tidelift catalogs
The phrase “software supply chain” is making unlikely front-page headlines thanks to the breach impacting SolarWinds and its customers around the world. Meanwhile, open source continues to become a larger and larger part of application development, with our research showing that 92% of applications contain open source components.
So for organizations now seeing software supply chain health as a key imperative, tackling open source software supply chain health is more critical than ever.
During this short, 30-minute webinar our product team demonstrates how you can use the Tidelift Subscription as the heart of an effective open source supply chain management strategy.
In this webinar:
- We'll show you how to design a comprehensive strategy for managing open source usage across the organization.
- We’ll demonstrate Tidelift custom catalogs, including the ability to create, track, and manage catalogs of open source components and the policies that govern them across the organization.
- We'll explore how Tidelift-managed catalogs can give your organization a head start on building a paved path of approved components for development teams to use, similar to how the larges.