Tidelift (@tidelift)'s Twitter Profile
Making open source software work better—for everyone.

ID:894719812366196736

http://tidelift.com · 08-08-2017 00:40:01

1,9K Tweets

3,1K Followers

936 Following

Tidelift (@tidelift):

In an article published today in @TheNewStack , @Tidelift co-founder @luis_in_brief makes the case that #OSS should receive the same public investment attention as other incredibly valuable public goods like airports, roads, or the electrical grid. bit.ly/3JWi6zi

Tidelift (@tidelift):

We’re live! 🎥

Join us now to learn more about how your org can reduce reliance on bad OSS packages and ensure the packages you use keep getting better.

👉 tidelift.com/webinar/how-to…

Tidelift (@tidelift):

We’re excited to be sponsoring @RSAConference again this year! 🥳 We’ll be at booth #5177. Stop by to learn more about the @tidelift maintainer advantage and how your organization can reduce #security risk from “bad” open source packages 🔐 📉 #RSAC bit.ly/3UkLBQ5

Tidelift (@tidelift):

Today! 💥 We’ll be covering 4 critical ways organizations can quickly start reducing their reliance on bad packages. This webinar is KEY if your organization builds applications with #OSS. RSVP now and see you at 3 p.m. ET / 12 p.m. PT 👋 tidelift.com/webinar/how-to…

Tidelift (@tidelift):

We're counting down to this year’s @UpstreamOSS (Wed, June 5th!) with a series of rewinds ⏪ Today, we’re revisiting last year’s keynote with @Tidelift’s @luis_in_brief and #OSS maintainer @ljharb on the accidental supply chain and maintainer burnout bit.ly/3xUYfxL

Tidelift (@tidelift):

The @DFRLab at the @AtlanticCouncil issued a new report last week that found that #opensource projects with funding have better security practices in place. Read Tidelift VP of Product @partridgehouse’s take: bit.ly/3UtSKyX

Tidelift (@tidelift):

Open source software is incredible ✨👏 But it matters which packages you choose for enterprise use. Some packages have been end-of-lifed for a good reason. Join us Wed May 1 at 3 pm ET to learn about how your org can reduce reliance on bad OSS packages tdlft.co/hu3JDT

Tidelift (@tidelift):

Is #xz actually an open source success story? @Tidelift CTO & co-founder @katzj shines an optimistic light on the xz utils backdoor hack 💡 Read his take on the Tidelift blog 🔽 bit.ly/3w2KsVa

Tidelift (@tidelift):

Tidelift co-founder @luis_in_brief walks readers through how Tidelift partners with (and pays!) open source maintainers—and why it's a viable solution to securing the #OSS 'supply chain' Read the full story and learn how you can pay the maintainers! 👉 bit.ly/3xEfSBS

Stephen Colebourne (@jodastephen):

As an Open Source developer, something like the XZ Utils targeted hack could happen to me. IMO, monetary compensation for OSS developers is part of the answer, as it provides a buffer against the mental health aspects of burnout Tidelift blog.tidelift.com/xz-tidelift-an…

Tidelift (@tidelift):

Tidelift CEO Donald Fischer sits down with Aaron Griswold on the @finosfoundation podcast to chat through his open source journey, and why he’s excited Tidelift joined FINOS:

podcasters.spotify.com/pod/show/finos…

Tidelift (@tidelift):

As we count down to this year’s @UpstreamOSS (June 5th!), we’ll be looking back at Upstream moments from years past. Today, we’re revisiting the maintainer state of the union panel featuring open source maintainers @GaryGregory, @ceki, and @jaraco: bit.ly/4aRY9VI

Dark Reading (@DarkReading):

The XZ Utils near-cyber disaster really should not have come as a surprise. Volunteer-run open source code projects are often managed by just one person, so if you use that code, the security of it is your responsibility. informatech.co/49wp1cL

Tidelift (@tidelift):

Great read: @darkreading reporter Jaikumar Vijayan explores the hard truth about the $8.8 trillion business that open source built: the maintainers who built the scaffolding? Many are the same as the maintainer of —unpaid volunteers on the brink of burnout

tdlft.co/vNv59W

Tidelift (@tidelift):

In her latest post, Tidelift's @partridgehouse explains why it is crucial to support OSS maintainers, why the current model of running scans to look for CVEs in open source code is *not* working, & a viable path towards more secure, more reliable software bit.ly/4cM2bAN

Jordan Harband (@ljharb):

There are a lot of takes about automated ways to have caught or prevented the xz backdoor sooner, and some things surely could have helped!

None will address the root cause tho - you can’t preserve maintainers’ mental health unless you relieve their capital burden.

Tidelift (@tidelift):

It’s a story we’ve heard before. An unpaid, volunteer maintainer who had burned out under the pressure of maintaining a highly relied upon package with little support. How do we reduce the probability of attacks like this in the future? Read our response bit.ly/4ainloC

Luis Villa (@luis_in_brief):

Lots of `xz` takes like “I wish someone could figure out how to pay maintainers to help stem this sort of problem”. So, hi: at @tidelift that’s what we’ve done for years. 👇🏽isn’t opportunistic; it has been our mission from day 1. CTOs, CISOs: drop us a note—sales@tidelift.com.