Tidelift

This week we released a new Tidelift company video that in 3 minutes articulates the problem Tidelift solves, how we solve it, and what makes us unique. 1️⃣ Problem: Using bad #opensource packages slows teams down and creates risk to organizations' revenue, data, and customers. 2️⃣ How Tidelift helps: Tidelift helps organizations proactively reduce their reliance on bad open source packages. 3️⃣ What makes us unique: We are the only company that partners with the #maintainers of 1000s of the most-relied-upon open source packages and pays them to make their packages healthier and more secure. Watch it for yourself today! 📽 If you want to talk further with us about anything you see in the video, get in touch with us here: https://lnkd.in/gksz64h8

David Dzergoski, Problem Solver at Tidelift gives valuable insight on building adaptable DevSecOps environments. David emphasizes the importance of understanding existing processes and tools while maintaining a clear mission objective. Key takeaways include the need for comprehensive toolsets, avoiding vendor lock, and ensuring effective communication across all organizational levels. By fostering a workgroup mentality and embracing small, iterative failures, agencies can improve efficiency, reduce cyber risk, and stay agile. This approach is essential for evolving missions and achieving success in federal software development. 🔍Learn more: https://lnkd.in/ehb-cWnY Presented by Tidelift & Carahsoft #FedGovToday #DevSecOps #Agile #Cybersecurity #GovernmentTech #SoftwareDevelopment

What do open source maintainers think about #AI? 🤔 Take a sneak peak into the 2024 Tidelift state of the open source maintainer report with selected snippets, as presented by Tidelift CEO and co-founder Donald Fischer 👇

From dorm room Linux installations to safeguarding global open source infrastructure! Join Open at Intel host Katherine Druckman and Tidelift Co-Founder Luis Villa as they discuss the high-stakes world of open source governance and maintainer burnout. Give it a listen: https://intel.ly/3YMO0XS

“If we take away open source tomorrow, it’s very safe to say our infrastructure would collapse.” Tidelift co-founder and general counsel, Luis Villa, lays out why open source is critical infrastructure on the Open.Intel podcast with host Katherine Druckman. From open source beginnings, community as the core of open source, and the always spicy topic of #AI, the two stress the importance of recognizing the important role open source plays in our society. On #opensource as critical structure, Luis continues: “We’ve been talking about infrastructure as an analogy since ‘Roads and Bridges.’ [...] Open source has been taken for granted. [Open source software components] are going to be with us for dozens, hundreds of years—embedded in our systems. We need to be thinking about how we are building systems that are generationally robust. And ‘just finding the next maintainer’ is not the solution. It’s a stop gap.” Much like all other types of infrastructure, open source requires support. Katherine highlights the need to back open source #maintainers, especially by those who profit off of their work: “If the people who are ultimately profiting off from these things do not support the creation and maintenance of them, it falls apart. You can say that at any level, down to a single maintainer to a giant foundation. I think a big part of this conversation, about solving our critical problems in our community, is cross pollination—getting people to talk to each other. So many people are working on different solutions for similar problems. That was the entire spirit of open source, getting together and collaboratively solving the problem.”  There’s so much more covered in this episode that you won’t want to miss! Listen to the episode on your app of choice, or check it out here 🎙️👉 https://lnkd.in/gJuYW9G5

What is a “bad” open source package? 😵 In Tidelift VP of Product Lauren Hanford’s latest blog post in ITPro Today, she answers this question. ✅ From the article: “A package may be considered bad if it is abandoned, deprecated, or declared end-of-life. Or it may not have published security policies or respond to security issues—often because there is only one maintainer.” “Bad packages not only create #security #risk that can impact your organization's revenue, data, and customers, but they also suck up valuable development time when you need to replace them, work around them, or deal with endless cycles of vulnerability remediation.” How can organizations reduce reliance on bad #oss packages? 🤔 Lauren offers 4 ways: 1. Evaluate packages before pulling them in for application development. 🕵️ The best way to avoid risk from bad packages is to ensure they don't make their way into your application in the first place. 2. Actively monitor the open source packages in use. 📊Open source packages are constantly changing, and so it is important to monitor and review updates after making the initial decision to use a package or version. 3. Identify and eliminate bad packages you've already adopted. ❌ 4. Reinforce at-risk packages to keep them from becoming bad. 💪 You can read more about how your organization can move away from using bad open source packages, including what questions to ask during each of the questions above 🔼, on ITPro Today: https://lnkd.in/gBqd3iJP

25 years ago yesterday, August 11th, as part of its IPO, Red Hat made the first notable effort to pay maintainers and other contributors for their work on #opensource. Today, Chris Grams, CMO at Tidelift, hits rewind ⏪ and revisits the day: what went down, why it matters, and its impact. Read his summary below ⬇ and checkout the entire post on the Tidelift blog:

Tidelift's maintainer survey data is cited in today's Office of the National Cyber Director, The White House report: "In the open-source software ecosystem, individual contributors to open-source software voluntarily support projects of their own choosing, unlike a traditional supply chain model where “suppliers” are tasked and compensated for their contributions. According to Tidelift, Inc., more than half of open-source software maintainers describe themselves as “unpaid hobbyists” who do not earn their income from sustaining open-source software projects." Glad to see this concerted effort by the U.S. government to deeply understand and engage open source software creators, and the citizens that depend on them.

The 2024 Tidelift state of the open source maintainer survey is officially closed! A huge thank you to everyone who submitted responses! ✅ 🧡 The data we collect in our state of the open source maintainer surveys helps Tidelift better support #opensource maintainers and continue to make the case for getting maintainers the resources they need to continue maintaining healthy and secure open source projects. Keep an eye out for the results. We're excited to share them with you! 👀

What's it like to be an #opensource maintainer in 2024? While the state of the open source maintainer survey continues to collect responses (Open until August 5th! ➡ https://lnkd.in/gNm4f-8W), let’s take a look back to our maintainer panel from this year’s Upstream. 👥 In an annual Upstream tradition, Tidelift hosted a group of maintainers to hear firsthand what it’s like to be an #oss maintainer. This year's panel included Valeri Karpov (Val) from Mongoose, Irina Nazarova of Evil Martians, Tatu Saloranta of jackson-databind, and Wesley Beary, who maintains popular Ruby projects fog and excon. In today’s featured clip, Val discusses the impact of financial support when confronting competing priorities. From the talk: “...we all need to find a way to make money to support ourselves and our families. So if it's not via your open source project, then you need to work on something else, and then your work on the open source project comes out of your free time, basically. And I'm very fortunate that I can make a decent income working on my open source projects, but I know that if I had a full time job and my open source projects didn’t pay anything, I’d have to choose between: Okay, do I work on this open source project that’s sometimes kind of thankless and people are mean to me on the internet about it? Or do I go spend time with my kids?” To hear from all of the maintainer panelists, you can watch the entire talk (and many others!) on the Upstream site: https://lnkd.in/gkGakTJA