Tidelift Press Releases

Tidelift Achieves Key Milestones as Open Source Software Supply Chain Security Takes Center Stage

Written by Chris Grams | February 24, 2022

BOSTON, February 24, 2022 — Tidelift, a leading provider of solutions for improving the health and security of the open source behind modern applications, announced today that it has achieved several key milestones related to increased customer demand, expanded partnerships, and team additions as urgency grows around helping application development teams better manage the health and security of their open source software.

Driven by the recent Log4Shell vulnerability and the one impacting SolarWinds and its customers, along with increased government attention through the White House Cybersecurity Executive Order and the White House Meeting on Software Security, software supply chain security has come to the forefront of the industry. Tidelift’s accelerating momentum underscores the growing demand for new and innovative solutions that improve software supply chain health and security. 

“We feel empathy for the volunteer maintainers of Log4j and the developers at impacted organizations who lost countless hours, nights, and weekends mitigating the Log4Shell vulnerability,” said Donald Fischer, Chief Executive Officer at Tidelift. “If there is a silver lining, it is that because of Log4Shell, open source software supply chain security is finally getting the attention it deserves from government and industry leaders.” 

Increased customer demand in the wake of Log4Shell

Organizations are recognizing the importance of developing a strategic approach to managing the health and security of their software supply chain, which is driving a surge of interest in Tidelift. Recent customer wins span industries, including healthcare, finance, technology, and government. New and expanding customers include Bloomberg, Adobe, NASA Jet Propulsion Laboratory, IEEE, and the United States Air Force.

With the Tidelift Subscription in place, customers were able to much more quickly remediate the impact of Log4Shell. Tidelift created a security alert allowing customers to identify every application using impacted versions of Log4j immediately before the official CVE was even created. Tidelift then provided additional vulnerability guidance, including the recommended upgrade path and mitigation procedures and proactively reached out to all customers using Log4j so they were quickly aware of the severity of the vulnerability.

Paying the maintainers to keep open source healthy and secure

Tidelift is the only organization to have paid millions of dollars directly to independent open source maintainers in return for ensuring their projects meet the security, maintenance, and licensing standards required by enterprise organizations.

The Tidelift Subscription enables customers to help improve open source project health by paying the maintainers of the exact projects their organization uses. This unique approach ensures that not only the most visible projects get funded, but also that relatively unknown and extremely pervasive transitive dependencies (like Log4j, the project involved in the recent Log4Shell vulnerability) are eligible for income.

“Open source libraries and frameworks have historically relied on the efforts of volunteer maintainers who are not compensated for keeping their projects maintained to the standards large enterprises require,” said Luis Villa, co-founder of Tidelift. “We believe that the best way to prepare for future vulnerabilities like Log4Shell is to pay the maintainers for their important and valuable work, and Tidelift and our customers are making this the norm rather than the exception.”

Growing the Tidelift team

To meet increasing customer demand, Tidelift has nearly doubled employee headcount over the past year, and continues to actively recruit for a variety of positions across the organization. Current openings can be found on the Tidelift website.

Tidelift has also welcomed a new independent board member, Julia Austin. Julia is a seasoned technology executive, with a deep background including roles as VP of Engineering at Akamai, VP of Innovation at VMware, and as CTO of DigitalOcean. She is currently a Senior Lecturer at Harvard Business School where she teaches Startup Operations, a course for entrepreneurs launching businesses while earning their MBAs. Julia is also a certified Executive Coach, board member at hackNY, and the founder of Good for Her, a non-profit community for women founders that fosters their growth as they navigate their entrepreneurial journeys.

In January, Jon Shepherd joined Tidelift as Head of Sales. Jon is an experienced enterprise sales leader who, prior to Tidelift, was instrumental in growing Anaconda to tens of millions in recurring revenue, and previously was on the Netezza sales leadership team as the company grew to hundreds of millions in recurring revenue.

Tidelift also recently promoted Lauren Hanford to Head of Product and Design. As a four-year Tidelift veteran, Lauren has been key to the design of the strategy and product vision that are improving open source software supply chain health for our customers and ensuring more open source maintainers get paid.

Tidelift joins AWS ISV Accelerate

Tidelift recently joined the Amazon Web Services, Inc. (AWS) Independent Software Vendor (ISV) Accelerate program. The AWS ISV Accelerate program is a co-sell program for AWS Partners who provide software solutions that run on or integrate with AWS, and is dedicated to the global business development of partners. The Tidelift Subscription on AWS enables customers to efficiently manage the health and security of their open source software supply chain while removing the obstacles that slow down development.

“As pressure builds to comply with new requirements for securing the software supply chain, one of the most urgent tasks for application development teams is to implement a more comprehensive way to manage the health and security of the open source components they use,” said Donald Fischer, Chief Executive Officer at Tidelift. “Tidelift makes it possible for teams to build and deploy more secure applications to AWS faster by helping organizations create, track, and manage catalogs of pre-vetted open source components that meet defined security, licensing, and maintenance standards. We are excited to deepen our relationship with AWS through the AWS ISV Accelerate Program.”

About Tidelift

Tidelift helps organizations effectively manage the open source behind modern applications. Through the Tidelift Subscription, the company delivers the tools, data, and strategies powering an inclusive and organization-wide approach to improving the health and security of the open source software supply chain. Tidelift enables organizations to move fast and stay safe when building applications with open source, so they can create more incredible software, even faster. https://tidelift.com/ 

###

Contact:

Kristen Wiltse
KW Communications
978-578-4047
kwiltse@comcast.net