Log4Shell, Open Source Maintenance, And Why SBOMs Are Critical Now

Tidelift CEO and co-founder Donald Fischer and guest speaker Forrester Principal Analyst Sandy Carielli discussed some of the key lessons organizations can learn from Log4Shell along with some critical recommendations organizations can use to prepare for handling similar issues down the road.

Sandy and Donald talked about how enterprise organizations should:

  • Use software bills of materials to better understand and manage their open source software supply chain.
  • Enhance their visibility of the open source components being used and the associated transitive dependencies.
  • Focus on proactive open source maintenance and how to better prepare their teams to quickly mitigate the risk of future vulnerabilities.
  • Consider the role open source maintainers play in risk planning and mitigation.

View Now

Ten Steps For Preparing a TOGAF Project

A large number of enterprise architecture (EA) projects fail to realize their initial goals, despite the use of good architecture frameworks and methods. TOGAF is one of the most widely used EA frameworks and is trusted by hundreds of large organizations, but by itself does not guarantee success. Effective preparation can make all the difference.

This poster will go through 10 steps that an enterprise architecture team should take before embarking on a TOGAF project. Embracing these steps can deliver better comprehension of initiatives, full stakeholder buy-in, and an understanding of the position of an EA project relative to the wider organization and industry.

Download now to find out:

  • The essential knowledge necessary for starting a project
  • Why alignment might be the most important aspect for success
  • How to achieve sustainability in an EA team

View Now

The Definitive Enterprise Architecture Blueprint

As we approach a new decade, rapid technical changes and advances present a raft of new challenges for business leaders. For CIOs in particular, the stakes have never been so high; a plethora of new opportunities abounds, but get the dynamic between business and IT wrong, and the company will become fragmented, its tools and processes unwieldy and impossible to manage.

An enterprise architecture practice makes it possible to model the entire organization and make informed strategic decisions. From here, solutions across the business can be derived with a full understanding of their implications, and an effective real-time analysis of their success.

View Now

CIO Challenges: Mounting Technical Debt with an Unclear Roadmap

The concept of technical debt has been well understood in software development for decades, but it applies just as well to a firm’s overall technology infrastructure. Enterprises will often maintain legacy systems well beyond their useful life, or cut corners to meet project deadlines and then fail to adjust or update the technology workarounds used. As these old and low quality systems proliferate, costs rise and it becomes increasingly difficult to enact changes.

This eBook will look at how technical debt will mount for businesses and the difficulties of addressing this problem without a clear and sensible roadmap.

View Now

The 2021 Tidelift Open Source Maintainer Survey

In early 2021, Tidelift fielded its first-ever comprehensive survey of open source maintainers. Nearly 400 maintainers responded with thoughts about how they fund their work, what they enjoy about being a maintainer, what they don’t like so much, along with a host of other interesting insights.

Over the following pages, we’ll share nine of the most interesting findings with you.

Get Whitepaper

OSS Supply Chain Security and How to Help Your Overburdened Dev Team

In this Upstream chat, Tracy Bannon from MITRE joined us to discuss why it took so long, what is happening now that will help organizations positively impact their own security preparedness, and how we can bring forward good ideas and warnings in the future.

She discussed how to talk about risk profile and ways organizations can force-rank priorities. She also discussed why it’s important to reduce cognitive load on the development teams and why it’s important to offload some tasks onto trusted vendors.

Tidelift CEO and co-founder Donald Fischer then joined the discussion and explained how all this applies to open source software specifically. Donald and Tracy discussed the recently disclosed security vulnerability in the Apache log4j project, which has been dubbed “Log4Shell”, why it’s important to address quickly, how to address it, and how to better prepare for future vulnerabilities. You won't want to miss this.

View Now

Everything You Need to Know About the Log4Shell Vulnerability

Log4j is a popular logging library for Java applications. Practically every organization that uses Java (Maven/Gradle) uses Log4j and has likely been impacted by the Log4Shell vulnerability.

In this 20-minute briefing, Tidelift solutions architect lead Mark Galpin shares what you need to know about the recent Log4Shell vulnerability—and demos how Tidelift can help.

Mark breaks down the current situation and shares tips for remediating the issue. You won't want to miss this.

View Now

The No-Nonsense Guide to Microsoft 365 Delegated Administration

The needs of today’s complex IT environments that span multiple locations go well beyond the intended capabilities of out-of-the-box Microsoft 365 (M365).

Download this white paper to learn more about:

  • Security challenges related to native M365
  • How to delegate administration and access in M365
  • The ROI of delegated administration
  • And more

View Now

Thinking Upstream About White House Cybersecurity Order 14028

A few months ago, the U.S. White House released cybersecurity executive order 14028, an attempt by the United States government to use its purchasing power to create positive changes to the way cybersecurity is addressed around the world.

Recent high profile breaches like the Colonial Pipeline ransomware attack or the SolarWinds software supply chain attack have shown that our cybersecurity defenses are woefully inadequate. This executive order forces a higher standard of cybersecurity for any organization selling software to the federal government, which in turn makes it the de facto global standard for all software in the future.

Tidelift CEO and co-founder Donald Fischer shares his perspective on how the cybersecurity executive order impacts software supply chain security. He’ll brief attendees on the key issues addressed by the executive order, including software bill of materials (SBOM), supply chain security, and provenance requirements. He’ll outline the gaps that most organizations will need to close in order to stay in compliance. And he’ll share a proactive approach to addressing open source software supply chain health and security upstream.

If you want to ensure your organization is fully prepared for the coming changes, you won’t want to miss this briefing.

View Now

Cooking with Tidelift

When cooking for friends or family, many of us go out of the way to seek the freshest, tastiest ingredients possible. You may have favorite producers at the local farmers market, or brands from the grocery that you've come to know and trust. But when choosing the ingredients that make up our open source applications, we often bring in new libraries without any guarantees that they are safe and well maintained.

We wanted to distill the idea of managing open source down to something so simple, you could explain it to a child, so that’s why we wrote a children’s book about enterprise open source software management. Yes, we just used the phrases “children’s book” and “enterprise open source software” in the same sentence.

We call it Cooking with Tidelift, and it will show you how we can help you create catalogs of known-good, proactively maintained open source components to ensure your apps are as safe and healthy as they can be.

View Now

How Configuration Management Systems Deliver Change and Compliance

The fundamental capability that configuration management provides is backup and archiving of critical configuration data from network and server equipment. This, along with collecting detailed inventory data, provides the basis for managing change and compliance.

The ability to detect, report and alert on change in near real time improves overall service availability and reduces the time required to identify the cause of incidents and outages.

This paper helps Network Engineers, IT Managers and Executive Leadership understand the benefits of configuration management and how it contributes to change and compliance management within the business.

View Now

Optimizing and Automating Event Management to Support Incident Management

Opie has just arrived in the office and sat down to check his email. “Holy moly!” he yells. He is looking at a massive influx of email messages in his Inbox from the Event Management tool, which was just configured to send out alert notifications via email. “There’s no way the operations team will be able to respond to all those notifications in an efficient and timely manner. There has to be a better way to handle and address network events.”

View Now

NMS Security Architecture Considerations & Approaches

The purpose of this article is to provide some practical guidance on securing Network Management Systems and associated infrastructure. While it cannot guarantee absolute protection against future attacks, implementing these approaches can make the job of an adversary significantly harder. It will also propose techniques for increasing the probability of detecting breaches, which should be a significant consideration within any security solution.

This article cannot provide exhaustive coverage. However, it will focus on delivering actionable guidance that will have a tangible impact in strengthening the security posture of Network Management Systems (and potentially other systems).

View Now

An IT Manager's Guide to Network Process Automation

This guide is designed for IT Managers looking to implement Network Process Automation in their organisation. It discusses the best approach for change management and team buy-in, provides a methodology framework to use when considering the automation of a manual task in a network environment, and the steps to take in order to identify an effective test case for your organization.

View Now