Tidelift partners with the original creators of thousands of the most widely used open source packages to ensure that secure development practices are in place, and any open problems are resolved.
Key work items that your Tidelift subscription pays for include:
- Ensuring that vulnerability reports from security researchers will be accepted
- Reviewing any reported security vulnerabilities to give clearer signal on how (and whether!) downstream developers should address them
- Ensuring that their own package dependencies are not carrying risk
- Not abandoning the package!
All of these things work together to reduce risk to your organization, and to reduce the time and cost that less healthy, less resilient open source software would otherwise impose.