This week we released a new Tidelift company video that in 3 minutes articulates the problem Tidelift solves, how we solve it, and what makes us unique. 1️⃣ Problem: Using bad #opensource packages slows teams down and creates risk to organizations' revenue, data, and customers. 2️⃣ How Tidelift helps: Tidelift helps organizations proactively reduce their reliance on bad open source packages. 3️⃣ What makes us unique: We are the only company that partners with the #maintainers of 1000s of the most-relied-upon open source packages and pays them to make their packages healthier and more secure. Watch it for yourself today! 📽 If you want to talk further with us about anything you see in the video, get in touch with us here: https://lnkd.in/gksz64h8
Tidelift
Software Development
Boston, MA 3,458 followers
Tidelift helps organizations effectively manage the open source behind modern applications.
About us
Tidelift helps organizations effectively manage the open source behind modern applications. Through the Tidelift Subscription, the company delivers a comprehensive management solution, including the tools to create customizable catalogs of known-good, proactively maintained components backed by Tidelift and its open source maintainer partners. Tidelift enables organizations to accelerate development and reduce risk when building applications with open source, so they can create even more incredible software, even faster.
- Website: http://tidelift.com
- Industry: Software Development
- Company size: 11-50 employees
- Headquarters: Boston, MA
- Type: Privately Held
- Founded: 2017
- Specialties: open source, open source software, open source software security, open source software management, and software supply chain security
Locations
- Primary: 50 Milk St, 16th Floor, Boston, MA 02109, US
Updates
Tidelift reposted this:
Big news to share today! Tidelift has signed a definitive agreement to be acquired by Sonar, the leading provider of code quality and security solutions. For Tidelift and Sonar customers, this will be a powerful combination. 💪 Both organizations have deep open source roots, a developer-first focus, and a shared interest in proactively improving the quality and security of code. Sonar’s code quality and security solutions are used by over 7 million developers and 400,000 organizations worldwide, including the DoD, Microsoft, NASA, MasterCard, Siemens, and T-Mobile. These solutions help developers prevent code quality and security issues from ever reaching production, resulting in more secure, reliable, and maintainable software. Tidelift helps organizations improve the health and security of the open source powering their applications and is the only source for human-validated data about the secure development practices followed by the world’s most critical open source projects. With the addition of capabilities from Tidelift, Sonar will be able to help its customers analyze, improve, and secure all code, including code written by developers, AI-generated code, and open source libraries. Tidelift customers and maintainer partners will not experience any disruption to their current experience, and we’ll have more details to share in early 2025 as Tidelift is fully integrated into Sonar. Read the press release: https://bit.ly/3P1c5ns
Tidelift reposted this:
Sonar is thrilled to share that it has entered a definitive agreement to acquire Tidelift! This strategic addition allows Sonar to address code-level issues everywhere – in open source software, developer-written code, and AI-generated code. Together, we’re committed to improving the health and security of open source projects, ensuring that enterprise applications are more secure and reliable. Link to the PR in the comments below ⬇️ #opensource #codequality #cybersecurity #code #devops #devsecops #SLDC #SSDF #softwaresupplychain
We're excited to dig deeper into Tidelift's IDE integrations, designed to simplify shift left strategies for enterprise developers. Highlights covered in this post include:
- Improving the developer experience by providing visibility into the overall security posture of applications with insights beyond vulnerabilities, while also reducing build rejections
- Shifting left to track and resolve open source software-related technical debt from within the IDE
- Avoiding time-consuming rework by providing information about dependency issues the moment they are introduced
Read the post to learn more: https://bit.ly/3B76etC
This year’s Tidelift maintainer impact report is now available! 🎉 We release a new maintainer impact report annually to shine a light on the most current and compelling evidence of the positive impact that organizations can expect to achieve—outcomes that reduce organizational risk and improve operational efficiency—when they invest directly in their open source software supply chain by paying maintainers. 💸🤝 For this year’s report, we wanted to connect secure upstream open source software with meaningful customer outcomes. To do this, we are featuring a case story of how one Tidelift customer improved the security and resilience of an important Python application used to analyze and forecast commercial pricing in a competitive, highly regulated industry. We wanted to see how they were able to improve the application’s security and resilience over a two-year period with help from Tidelift and our open source maintainer partners. Bottom line results: This customer is able to set accurate pricing, drive profitability, and improve their margins because their developers have been able to reduce the organization’s reliance on abandoned, end-of-life, or otherwise insecure open source packages that are costing them time and money. Specifically, they:
- 💰 Saved $1.1 million of organizational time across engineering, legal, and security that would have been spent on requirements research and engineering implementation time
- 🔒 Reduced application risk by turning 37% of this customer’s independently maintained packages from an “unknown future” to reliably secured and maintained, with a plan in place to grow that percentage to 58% in 2025 and 80% in 2026
Links to the maintainer impact report and the blog post announcing it in the comments! 👇
Introducing urllib3 👋 urllib3 is a critical package in the Python ecosystem, with over 450 million downloads each month. Its security is vital, as it handles web requests and certificate validation. 🌐 🔐 Thanks to Tidelift and its paying customers, maintainers Seth Michael Larson, Illia Volochii, Andrey Petrov, and Quentin Pradet have been able to improve security practices, including adding two-factor authentication and automating release processes. Their efforts led to urllib3 achieving an impressive 9.6/10 score on the OpenSSF Scorecard. 🎉 📈 Check out the video below to learn more! 👇
The latest article by IEEE Spectrum explores some of the most pressing issues facing open source software. The common thread: open source maintainers are overwhelmed and need support. The article features the 2024 Tidelift state of the open source maintainer report, citing the top three things that respondents to the survey said they disliked about being an open source maintainer:
- Not being financially compensated enough or at all for their work
- Feeling underappreciated or “like the work is thankless”
- Adding to their personal stress
Author Rina Diane Caballar discusses the recent WordPress lawsuit, what maintainers have to say, and possible solutions to this crisis. Read more on IEEE Spectrum 👉 https://lnkd.in/giHn79Wg
Are you familiar with security challenges surrounding open source software? 🤔 In a new interview with Michael Vizard at Techstrong TV, Tidelift CEO and co-founder Donald Fischer, and Sonatype CTO and co-founder Brian Fox explore the impact paying maintainers can have on making the software supply chain more secure. They share evidence from new Tidelift and Sonatype surveys that shows when maintainers are paid, they invest more in keeping their projects secure and reliable. Early this year, the Harvard Business School set out to approximate the value of open source and found that its value sits at about 8.8 trillion dollars (yes, trillion 😵💫). By comparison, the entire U.S. electrical grid is valued at 1.5-2 trillion dollars, and the U.S. interstate highway system is valued at 750 billion dollars. It’s more than safe to say that open source is vital infrastructure in our modern society. But unlike the electrical grid and the interstate highway system, open source isn’t publicly funded. Yet, we expect open source maintainers to keep their open source projects secure, maintained, and up to industry and government standards. (At this year’s Upstream, Tidelift co-founder and General Counsel Luis Villa sat down with Frank Nagle, one of the authors of this Harvard Business School study, to discuss how the numbers came to be and what this finding means for open source maintainers and software supply chain security. You can find the link in the comments below.) In this year’s Tidelift state of the open source maintainer report, we found:
- Bad news, 60% of open source maintainers report being unpaid for their work
- Good news, those who are paid spend more time on their projects and are almost twice as likely to be able to prioritize remediating security vulnerabilities
A direct quote from Brian, “Why can’t we peel off a fraction of a percent of that [the 8.8 trillion value] to help support those very people? When that happens, these things will get solved. Until then, it’s an uphill battle.” And from Donald, “The number one pain point that maintainers are reporting when we ask them this question [What do you dislike about being an open source maintainer?], is that a lot of folks are making a ton of money using their open source projects and assuming that they’re going to do all of this work to bring it to the enterprise grade, and they’re not getting paid for any of it. And that’s a really straightforward issue for us to solve.” To hear more about open source supply chain challenges along with findings from the 2024 Tidelift state of the open source maintainer report and from Sonatype's State of the Software Supply Chain report, you can watch the whole interview here 👉 https://lnkd.in/gK8BCw5z
Now playing 📺 : learn how your organization can use open source packages with confidence with help from Tidelift and our maintainer partners. 🤝 Tidelift partners with the maintainers of thousands of the most relied upon open source packages, and pays them 💰 to implement industry leading secure software development practices and document the practices they follow. With Tidelift's package intelligence, application developers can proactively evaluate whether their open source package choices are secure and well maintained. 💪 🔒 Learn more in the video below 🍿 ↘️