Tidelift
  • Videos: 148
  • Views: 13,571
The Tidelift Subscription: Eliminating risk from bad open source packages
Bad open source packages can slow down your team and create risks for your organization's revenue, data, and customers. Tidelift helps reduce reliance on such packages by partnering with maintainers of thousands of open source projects, ensuring they are healthier and more secure. With the Tidelift Subscription, organizations can evaluate and monitor packages, eliminate bad ones, and improve overall security, productivity, and application quality.
Learn more at: tidelift.com/
Transcription:
Using bad open source packages is slowing your team down and creating risk to your organization's revenue, data, and customers. When you don't know where end-of-life, abandoned, or insecure packages exis...
Views: 104

Videos

The 8.8 trillion dollar value of open source software
15 views · a day ago
In this Upstream fireside chat, Tidelift co-founder and general counsel Luis Villa sits down with Frank Nagle, assistant professor in the Strategy Unit at Harvard Business School, to discuss the recent paper called The Value of Open Source Software that Frank co-authored. This paper concluded that open source is worth $8.8 trillion dollars. In this clip, Frank discusses the finding. Watch the f...
Moving past the CVE back-and-forth
26 views · a day ago
In his Upstream session, James Berthoty, CEO of Latio Tech, provides an overview of what the problem is with submitting CVEs to GitHub issues: why it's frustrating for compliance teams and maintainers both. In this clip, he explains how, to move past the CVE back-and-forth, we need to pay open source maintainers and build a better working relationship with them. Watch the full talk here: explore.t...
Open source maintainers are not contracted vendors
28 views · a day ago
In his Upstream session, James Berthoty, CEO of Latio Tech, provides an overview of what the problem is with submitting CVEs to GitHub issues: why it's frustrating for compliance teams and maintainers both. In this clip, he emphasizes that open source maintainers, who are often volunteers, are not contracted vendors. Watch the full talk here: explore.tidelift.com/upstream/upstream-2024/upstream-24...
An example of how security teams respond to CVEs
20 views · a day ago
In his Upstream session, James Berthoty, CEO of Latio Tech, provides an overview of what the problem is with submitting CVEs to GitHub issues: why it's frustrating for compliance teams and maintainers both. In this clip, he shows how security teams often respond to CVEs. Watch the full talk here: explore.tidelift.com/upstream/upstream-2024/upstream-24-james-berthoty Transcript: But just to give an ...
Finding our way out of the CVE dungeon
8 views · a day ago
In his Upstream session, James Berthoty, CEO of Latio Tech, provides an overview of what the problem is with submitting CVEs to GitHub issues: why it's frustrating for compliance teams and maintainers both. In this clip, he introduces why the scanner mentality is preventing us from securing the software supply chain. Watch the full talk here: explore.tidelift.com/upstream/upstream-2024/upstream-24...
Scanner mentality getting in the way of securing the software supply chain
12 views · a day ago
In his Upstream session, James Berthoty, CEO of Latio Tech, provides an overview of what the problem is with submitting CVEs to GitHub issues: why it's frustrating for compliance teams and maintainers both. In this clip, he discusses why the scanner mentality is preventing us from securing the software supply chain. Watch the full talk here: explore.tidelift.com/upstream/upstream-2024/upstream-24-...
Upstream 2024 | Panel: State of the open source maintainer in 2024
60 views · a month ago
What's it like to be an open source maintainer in 2024? In an annual Upstream tradition, we sit down with a group of maintainers to hear directly from them to find out. This year's panel includes Valeri Karpov from Mongoose, Irina Nazarova of Evil Martians, Tatu Saloranta of jackson-databind, and Wesley Beary, who maintains popular Ruby projects fog and excon. We'll ask them about how the recen...
Upstream 2024 | Panel: New approaches to open source security and resilience from financial services
28 views · a month ago
For obvious reasons, the financial services industry has been a leader in embracing new approaches to ensuring the security and resilience of the open source software we all depend on. In this panel we'll learn what a few top experts are doing within their organizations to harden their defenses and invest in the open source they depend on, while sharing advice and strategies that all organizati...
Upstream 2024 | How to Make Your Open Source Project Popular
70 views · a month ago
This talk summarizes my 15 years making open source tools. Some of them have become popular (PostCSS, Autoprefixer, and Nano ID have more than 60M downloads per month) but most projects did not (and their failures taught me more than the successful projects). The talk is not about dark patterns, but about the things which many maintainers forget: about the users and the fact that users don’t ...
Upstream 2024 | How can we get CVEs out of GitHub Issues?
78 views · a month ago
In this session I'll give an overview of what the problem is with submitting CVEs to GitHub issues: why it's frustrating for compliance teams and maintainers both. I'll cover the nature of vulnerability scanners and compliance requirements that make security teams submit numerous unvalidated vulnerabilities upstream. I'll also talk about why these reports drive maintainers crazy, and the current...
Upstream 2024 | Government carrot v stick: Exploring 2 approaches to improving open source security
61 views · a month ago
Governments are starting to believe that their traditional hands-off approach to open source no longer makes sense. But what then? Europe is providing examples of both “carrot” and “stick”: providing incentives to people and organizations to do more security work (i.e. the carrot) or penalizing them for not doing the work or after security incidents happen (i.e. the stick). In this fireside cha...
Upstream 2024 | Fireside chat: How a large Canadian telecommunications organization built an OSPO
48 views · a month ago
When this Canadian telecommunications company's corporate security team came up with directives and policies, they realized that many of these security directives were around open source, and there was no shared foundation in IT on how to follow them. There was no support, tooling, or guidance around licensing. This was back in 2019, long before Log4Shell shook the world. This telecommunications company kne...
Upstream 2024 | Secure by design: a proactive approach to open source health and security
143 views · a month ago
In this session two of CISA’s leading security experts will share more about the industry-wide effort they are leading to make security a core business requirement in products versus an aftermarket technical feature. They’ll share historical analogies of where this design-first approach has had real impact in other industries, and they’ll cover how they are working directly with industry leader...
Upstream 2024 | Panel: Life after the xz utils backdoor hack
95 views · a month ago
In late March, we all dealt with yet another attack on a popular open source project; this time, in the Linux-level package used for file compression called xz utils. What was most sinister about this attack, though, was how deeply it impacted trust within the open source community. The attacker spent years engineering multiple sock puppet accounts to gain the trust of the volunteer xz utils ma...
Upstream 2024 | Patch management needs a revolution
115 views · a month ago
Upstream 2024 | Fireside chat: The value of open source software
69 views · a month ago
Upstream 2024 | Welcome to Upstream 2024: Unusual ideas to solve the usual problems
234 views · a month ago
Open source maintainer Jordan Harband on why paying maintainers improves open source security
24 views · a month ago
Open source maintainer Seth Michael Larson on the potential changes to contributions post-xz hack
46 views · a month ago
Open source maintainer Val Karpov discusses the xz hack and anonymous contributions in open source
83 views · a month ago
Open source maintainer Jordan Harband on life after xz and vetting potential contributors
456 views · a month ago
Maintainer Gary Gregory shares whether xz changes the way he might vet potential contributors
17 views · a month ago
Open source maintainer Val Karpov on the xz utils backdoor hack
155 views · a month ago
How to use Tidelift to select better packages
138 views · 2 months ago
Open source software intelligence demo | Tidelift
58 views · 5 months ago
Tidelift VP of Public Sector Robert Wickham on open source and innovation with Fed Gov Today
53 views · 5 months ago
Tidelift Attestation Reports
84 views · 10 months ago
Upstream 2023 | Findings from the journey upstream | Donald Fischer
131 views · a year ago
Upstream 2023 | How we treat others is a supply chain issue
231 views · a year ago

Comments

  • @rekit7351 · 10 days ago

    I like it. It's nice to see a company focus on open-source project maintainers. You might want to include a link to your company website.

  • @Mikkelzu · 12 days ago

    I'd argue it's partly due to the philosophy ljharb has and the combative nature of how he just doesn't want to drop compatibility with already dead engines or node versions. He seems like a nice guy, but it doesn't help when his "best practices" are kind of made up and it never feels like progress can be made. Especially when 1 package is then pulling in 50 dependencies just to polyfill features that are part of the standard library of node.

  • @orenish-shalom813 · 29 days ago

    Very educative and fun to watch! Thanks!

  • @laryone · 6 months ago

    ...which xkcd comic am I supposed to be picturing?

  • @limhimontoya · a year ago

    This was an interesting keynote. I learned something new. Thanks for sharing.

  • @networkimprov · a year ago

    The software organization as sports team, vs factory floor, is a great insight.

  • @marcrichard5359 · a year ago

    Love this project, great interview!

  • @ASMRaphael · 2 years ago

    Cannot wait to see more content from you :) so stunning and epic :)

  • @nickarts6595 · 2 years ago

    Wow, this was pretty good!

  • @mrzli · 4 years ago

    Material-UI is an amazing library, it helped me a lot.