This week we released a new Tidelift company video that in 3 minutes articulates the problem Tidelift solves, how we solve it, and what makes us unique. 1️⃣ Problem: Using bad #opensource packages slows teams down and creates risk to organizations' revenue, data, and customers. 2️⃣ How Tidelift helps: Tidelift helps organizations proactively reduce their reliance on bad open source packages. 3️⃣ What makes us unique: We are the only company that partners with the #maintainers of 1000s of the most-relied-upon open source packages and pays them to make their packages healthier and more secure. Watch it for yourself today! 📽 If you want to talk further with us about anything you see in the video, get in touch with us here: https://lnkd.in/gksz64h8
Tidelift
Software Development
Boston, MA 3,335 followers
Tidelift helps organizations effectively manage the open source behind modern applications.
About us
Tidelift helps organizations effectively manage the open source behind modern applications. Through the Tidelift Subscription, the company delivers a comprehensive management solution, including the tools to create customizable catalogs of known-good, proactively maintained components backed by Tidelift and its open source maintainer partners. Tidelift enables organizations to accelerate development and reduce risk when building applications with open source, so they can create even more incredible software, even faster.
- Website: http://tidelift.com
- Industry: Software Development
- Company size: 11-50 employees
- Headquarters: Boston, MA
- Type: Privately Held
- Founded: 2017
- Specialties: open source, open source software, open source software security, open source software management, and software supply chain security
Locations
- Primary: 50 Milk St, 16th Floor, Boston, MA 02109, US
Updates
-
🚀 Join us for an exciting webinar: Top findings from the 2024 Tidelift state of the open source maintainer report! 📆 Thursday, October 17 🕐 1 p.m. ET / 10 a.m. PT One slightly alarming fact uncovered from the survey? Open source maintainers are, on average, getting older, year after year—and young maintainers are not replacing them. Will we one day live in a world where many maintainers have aged out of the working population without new maintainers stepping in? If so, what happens to open source? 🤔 Dive deep into this insight and others from our annual survey with Tidelift CMO (and data nerd 🤓 ) Chris Grams and a panel of distinguished guests. Discover key trends shaping the #opensource landscape and gain valuable insights into the maintainer community. Don't miss this opportunity to stay ahead of the curve in the world of open source! RSVP now ✅ https://lnkd.in/g6bQR7Sk
-
Tidelift reposted this
"INCENTIVES PAY OFF": Sonatype's latest research confirms that paid open source software maintainers show a clear lead in security practices. The results appear in Sonatype's 10th annual State of the Software Supply Chain report, new out today: https://lnkd.in/gYK9ZFAr This echoes the central finding of Tidelift's 2024 State of the Open Source Software Maintainer report, that paid maintainers implement 55% more critical security and maintenance practices than unpaid maintainers: https://lnkd.in/g7emecMN I'll be discussing these results and more about "The state of open source maintainers" with Sonatype CTO Brian Fox live at All Day DevOps today Thursday, Oct 10 at 3:30 PM ET: https://lnkd.in/e3RURxeN #ADDO2024 #DevSecOps #AllDayDevOps #SoftwareSupplyChain #CyberSecurity #OpenSource
-
Tidelift reposted this
“We need to be thinking about how we build systems that are generationally robust—that will last for 30, 40, 50, a hundred years—and just finding the next maintainer is not that solution. That's a stopgap measure toward building systems and organizations that can be more robust." — Luis Villa, co-founder and general counsel at Tidelift, speaking with Open at Intel host Katherine Druckman about the critical importance of open source software, the challenges faced by maintainers—including burnout—and how Tidelift works toward compensating maintainers. Read the full interview: https://intel.ly/3zVwJl9
-
📢 Next in our series on the Tidelift 2024 state of the open source maintainer report! Our 8th finding reveals a concerning trend: Almost half of maintainers feel underappreciated and like their work is thankless 😔 From the report: The main dislikes among maintainers: - 50% feel not financially compensated enough/at all 💰⛔ - 48% feel underappreciated or that their work is thankless 💔 - 43% say the work adds to their personal stress 😣 Which leads to another alarming statistic: 60% of maintainers have either quit or considered quitting their maintenance work. 🗣️ As one maintainer said: "Open source has powered a massive trillion-dollar injection of value into the world, the financial value of which has been reaped by large corporations, which on the whole give very little back to the ecosystem, not even appreciation, respect, or gratitude." These findings highlight a critical issue in the #opensource world. The disconnect between consumer expectations and maintainers' motivation is dangerous for the entire ecosystem. 🤔 What can we do to better support and recognize open source maintainers? Hear from more maintainers in the latest post on the Tidelift blog: https://lnkd.in/gBPPHGkb
-
New in the Tidelift Subscription! ✨ We’ve developed a number of integrations that allow developers to avoid bad packages (by which we mean bad-for-enterprise-use packages that are end-of-life, abandoned, or insecure), and reduce risk at critical points in the development lifecycle #SDLC: 📚 When researching software to use, via our new browser extension ⚒️ When developing software and making changes, via our new IDE extensions 🧰 When building software in CI pipelines, via our new GitLab integration These new capabilities, with the Tidelift Subscription, help our customers shift left ⬅️ by enabling their development teams to reduce risk to their revenue, data, and customers by identifying and eliminating bad, risky open source packages as early as possible. Learn about the new integrations 👉 https://lnkd.in/g2U2Jf-6
-
This Thursday, October 10th, at 3:30 pm ET! 📆 Tidelift CEO and co-founder Donald Fischer and Brian Fox, CTO and co-founder at Sonatype will be taking the virtual stage at All Day DevOps to discuss the threat created by ignoring the needs of overworked and underpaid maintainers against the backdrop of the rapidly-scaling #opensource ecosystem and increased attacks on the software supply chain. Register now for the free virtual event 📺 and don't miss this in-depth conversation on supporting open source maintainers and securing the software supply chain: https://lnkd.in/gy_kqbDG
-
Incoming: new insights from the 2024 Tidelift state of the open source maintainer report! 📰 The 7th finding in our series: paid maintainers do more maintenance and documentation work than unpaid maintainers ⚒️ 💰 Here's what we found: 📊 Maintenance practices: - 53% of paid maintainers have code peer review processes (vs. 27% unpaid) - 59% have formal backwards compatibility policies (vs. 39% unpaid) - 40% have defined dependency management processes (vs. 24% unpaid) 📝 Documentation practices: - 74% of paid maintainers have published contributor guides (vs. 52% unpaid) - 65% have published codes of conduct (vs. 45% unpaid) - 76% provide documented release notes (vs. 63% unpaid) But here's the exciting part—many unpaid maintainers are willing to step up if compensated! For instance: - Succession planning could jump from 13% to 63% - Formal issue prioritization could increase from 14% to 53% - Conflict resolution processes could rise from 17% to 50% — These findings highlight a critical message 👉 To ensure better maintained, more secure, and well-documented #opensource projects, we need to support maintainers financially. 💰 By investing in open source maintainers, we're not just improving individual projects – we're strengthening the entire open source ecosystem that powers so much of our digital world. Dive deeper into the numbers in Chris Grams’ latest post on the Tidelift blog: https://lnkd.in/g28fuXw7 Can’t wait for the next post? View the full report, linked in the comments 🖇️
-
Great to see how Cisco Security is leveraging our open source intelligence at Tidelift to enhance their Corona platform. Together, we've helped give Cisco developers... * deeper insights into vulnerabilities * guidance from the open source community on severity and remediation * access validated metadata and EOL information * enhanced visibility into transitive dependencies Or said simply, Tidelift is helping Cisco developers drive innovation while reducing costs.
Exciting news! 🎉 Tidelift, a Cisco Investments' portfolio company, is now powering Cisco's Corona platform with enhanced open-source security insights. 🔒 This collaboration not only strengthens our development practices but also delivers the most secure and reliable software solutions to our customers. Learn more in this article by Cisco's Director Of Security Engineering, Steve Lang: https://bit.ly/3Y9hxKw #CiscoInvests