Sponsor: Tidelift

The 2021 Tidelift open source maintainer survey

In early 2021, Tidelift fielded its first-ever comprehensive survey of open source maintainers. Nearly 400 maintainers responded with thoughts about how they fund their work, what they enjoy about being a maintainer, what they don’t like so much, along with a host of other interesting insights.

Over the following pages, we’ll share nine of the most interesting findings with you.

Thinking upstream about White House cybersecurity order 14028

A few months ago, the U.S. White House released cybersecurity executive order 14028, an attempt by the United States government to use its purchasing power to create positive changes to the way cybersecurity is addressed around the world.

Recent high-profile breaches like the Colonial Pipeline ransomware attack or the SolarWinds software supply chain attack have shown that our cybersecurity defenses are woefully inadequate. This executive order forces a higher standard of cybersecurity for any organization selling software to the federal government, which in turn makes it the de facto global standard for all software in the future.

Tidelift CEO and co-founder Donald Fischer shares his perspective on how the cybersecurity executive order impacts software supply chain security. He’ll brief attendees on the key issues addressed by the executive order, including software bill of materials (SBOM), supply chain security, and provenance requirements. He’ll outline the gaps that most organizations will need to close in order to stay in compliance. And he’ll share a proactive approach to addressing open source software supply chain health and security upstream.

If you want to ensure your organization is fully prepared for the coming changes, you won’t want to miss this briefing.

Cooking with Tidelift

When cooking for friends or family, many of us go out of the way to seek the freshest, tastiest ingredients possible. You may have favorite producers at the local farmers market, or brands from the grocery that you've come to know and trust. But when choosing the ingredients that make up our open source applications, we often bring in new libraries without any guarantees that they are safe and well maintained.

We wanted to distill the idea of managing open source down to something so simple, you could explain it to a child, so that’s why we wrote a children’s book about enterprise open source software management. Yes, we just used the phrases “children’s book” and “enterprise open source software” in the same sentence.

We call it Cooking with Tidelift, and it will show you how we can help you create catalogs of known-good, proactively maintained open source components to ensure your apps are as safe and healthy as they can be.

Take control of your open source supply chain with Tidelift catalogs

The phrase “software supply chain” is making unlikely front-page headlines thanks to the breach impacting SolarWinds and its customers around the world. Meanwhile, open source continues to become a larger and larger part of application development, with our research showing that 92% of applications contain open source components.

So for organizations now seeing software supply chain health as a key imperative, tackling open source software supply chain health is more critical than ever.

During this short, 30-minute webinar our product team demonstrates how you can use the Tidelift Subscription as the heart of an effective open source supply chain management strategy.

In this webinar:

  • We'll show you how to design a comprehensive strategy for managing open source usage across the organization.
  • We’ll demonstrate Tidelift custom catalogs, including the ability to create, track, and manage catalogs of open source components and the policies that govern them across the organization.
  • We'll explore how Tidelift-managed catalogs can give your organization a head start on building a paved path of approved components for development teams to use, similar to how the larges.
The Tidelift guide to managed open source

How to develop an effective strategy for maintaining the health of your organization’s open source supply chain

Managed open source is a strategic way for organizations to consistently manage, secure, and maintain the health of their open source supply chain. This guide explains how a managed open source strategy can help your development team save time and reduce risk when using open source to develop applications.

Learn more about:

  • What a managed open source strategy is and how it works
  • The areas in which unmanaged open source drains productivity and increases risk
  • How to create, track, and manage customizable catalogs of known-good, proactively maintained open source components
