Tidelift
  • 153 videos
  • 13 394 views
Paying maintainers to improve their project’s security practices: the urllib3 story
urllib3 is a critical package in the Python ecosystem, with over 450 million downloads each month. Its security is vital, as it handles web requests and certificate validation.
Thanks to Tidelift, maintainers Seth Michael Larson, Andrey Petrov, and Quentin Pradet have been able to improve security practices, including adding two-factor authentication and automating release processes. Their efforts led to urllib3 achieving an impressive 9.6/10 score on the OpenSSF Scorecard. Tidelift customers contribute directly to these improvements, ensuring the ongoing health and security of the project.
Learn more about the Tidelift Subscription: tidelift.com/subscription
Learn about the Tidelift maint...
37 views

Videos

Evaluating open source packages with Tidelift
230 views, a day ago
Discover how Tidelift empowers application developers to confidently use open source packages. Tidelift partners with the maintainers of thousands of popular open source packages, ensuring industry-leading secure software development practices. Learn more about the Tidelift Subscription: tidelift.com/subscription Learn about the Tidelift maintainer advantage: tidelift.com/the-tidelift-maintaine...
Paying open source maintainers to reduce security risk (the jackson-databind story)
85 views, 21 days ago
Jackson-databind is a critical Java package used by millions and relied upon by nearly 19,000 other open source projects. It faced significant security risks due to remote code execution vulnerabilities, prompting some to consider re-architecting their applications. Tidelift began supporting Tatu Saloranta, the project's maintainer, enabling him to implement secure development practices and re-...
Tidelift browser extension and VS Code integration
57 views, a month ago
Help your development teams prevent bad open source dependencies from entering your applications by using Tidelift’s browser extension and VS Code integration.
Using Tidelift with GitLab Pipelines
46 views, a month ago
Learn how you can use Tidelift along with GitLab pipelines to reduce risk in your organization before it gets deployed to your environments. Learn more about the Tidelift Subscription: tidelift.com/subscription Learn about the Tidelift maintainer advantage: tidelift.com/the-tidelift-maintainer-advantage Book a demo: tidelift.com/solutions/schedule-demo
Understanding the difference between data from Libraries.io and the Tidelift Subscription
81 views, 3 months ago
How can organizations make the most informed decisions on eliminating risks associated with open source software? In the fast-paced world of #softwaredevelopment, making informed decisions about which open source packages to use is more critical than ever. While free and open source tools like Libraries.io provide a useful starting point, such tools often fall short when it comes to delivering...
Financial support for open support as a means of curbing bad actors
15 views, 4 months ago
What's it like to be an open source maintainer in 2024? In an annual Upstream tradition, we sit down with a group of maintainers to hear directly from them to find out. This year's panel includes Valeri Karpov from Mongoose, Irina Nazarova of Evil Martians, Tatu Saloranta of jackson-databind, and Wesley Beary, who maintains popular Ruby projects fog and excon. In this clip, Val theorizes that p...
The benefits of making money doing open source projects
23 views, 4 months ago
What's it like to be an open source maintainer in 2024? In an annual Upstream tradition, we sit down with a group of maintainers to hear directly from them to find out. This year's panel includes Valeri Karpov from Mongoose, Irina Nazarova of Evil Martians, Tatu Saloranta of jackson-databind, and Wesley Beary, who maintains popular Ruby projects fog and excon. In this clip, Val shares his persp...
We need to support open source maintainers so they can do more security and maintenance work
4 views, 4 months ago
In this Upstream fireside chat, Tidelift co-founder and general counsel Luis Villa sits down with Fiona Krakenbürger from the Sovereign Tech Fund and Mirko Boehm from the Linux Foundation Europe to discuss the impending CRA legislation in the EU (the biggest government stick to date) and the Sovereign Tech Fund’s “carrot” approach to funding open security. In this clip, Fiona talks about why su...
Aeva Black on what organizations can do to start their journey to support open source
15 views, 4 months ago
In this Upstream session, two of CISA’s leading security experts, Aeva Black and Jack Cable, share more about the industry-wide effort they are leading to make security a core business requirement in products versus an aftermarket technical feature. In this clip, Aeva talks about how organizations can get started with improving their open source usage, including signing the Secure by Design ple...
Company responsibility: recognizing the value of open source & supporting the open source community
5 views, 4 months ago
In this Upstream session, two of CISA’s leading security experts, Aeva Black and Jack Cable, share more about the industry-wide effort they are leading to make security a core business requirement in products versus an aftermarket technical feature. In this clip, Aeva talks about how organizations can use open source responsibly and why this includes supporting the open source community. Watch ...
What we can learn from vehicle safety legislation
4 views, 4 months ago
In this Upstream session, two of CISA’s leading security experts, Aeva Black and Jack Cable, share more about the industry-wide effort they are leading to make security a core business requirement in products versus an aftermarket technical feature. In this clip, Jack explains how those wanting to secure the open source software supply chain should take notes from vehicle safety legislation. Wa...
Solving open source problems: it's going to take time, but there is a lot of hope
11 views, 4 months ago
In early 2024, we all dealt with yet another attack on a popular open source project; this time, in the Linux-level package used for file compression called xz utils. What was most sinister about this attack, though, was how deeply it impacted trust within the open source community. In this panel moderated by Tidelift VP of product Lauren Hanford, Josh Bressers of Anchore discusses why solving ...
The important thing is to relieve the capital burden on maintainers
4 views, 4 months ago
In early 2024, we all dealt with yet another attack on a popular open source project; this time, in the Linux-level package used for file compression called xz utils. What was most sinister about this attack, though, was how deeply it impacted trust within the open source community. In this panel moderated by Tidelift VP of product Lauren Hanford, Jordan Harband, prolific Javascript maintainer,...
We all need to be fighting for open source: those who make it and those who use it
19 views, 4 months ago
In early 2024, we all dealt with yet another attack on a popular open source project; this time, in the Linux-level package used for file compression called xz utils. What was most sinister about this attack, though, was how deeply it impacted trust within the open source community. In this panel moderated by Tidelift VP of product Lauren Hanford, Rachel Stephens from RedMonk. how this changes ...
Transparency: proprietary software versus open source software
82 views, 4 months ago
Why we need to rethink CVE prioritization
28 views, 4 months ago
An introduction to the idea of patch management revolution
21 views, 4 months ago
Professor Frank Nagle on the recent efforts of open source and the timing of the HBS study
12 views, 4 months ago
The Tidelift Subscription: Eliminating risk from bad open source packages
297 views, 4 months ago
The 8.8 trillion dollar value of open source software
26 views, 4 months ago
Moving past the CVE back-and-forth
28 views, 4 months ago
Open source maintainers are not contracted vendors
34 views, 4 months ago
An example of how security teams respond to CVEs
29 views, 4 months ago
Finding our way out of the CVE dungeon
12 views, 4 months ago
Scanner mentality getting in the way of securing the software supply chain
14 views, 4 months ago
Upstream 2024 | Panel: State of the open source maintainer in 2024
75 views, 5 months ago
Upstream 2024 | Panel: New approaches to open source security and resilience from financial services
35 views, 5 months ago
Upstream 2024 | How to Make Your Open Source Project Popular
81 views, 5 months ago
Upstream 2024 | How can we get CVEs out of GitHub Issues?
92 views, 5 months ago