In a significant move to enhance its offering, Tidelift has integrated novel intelligence capabilities into its subscription to aid subscribers mitigate the risks associated with the use of open-source elements. Designed to provide comprehensive evaluations of the security, licensing, and maintenance hazards of open-source software, Tidelift subscription is now set to offer an even broader range of insights.
Enabling it to compile and offer a vast store of open-source package data, Tidelift maintains symbiotic relationships with numerous open-source projects. It incentivizes the project maintainers to adhere to robust and secure development norms, elaborated in the NIST Secure Software Development Framework and the OpenSSF Scorecards project, by compensating them for their efforts.
Utilizing data gathered from upstream package overseers and origin repositories, Tidelift standardizes it into a singular format. Subsequently, Tidelift's data squad delves into this consolidated information to generate contextualized findings.
With the inclusion of a Software Bill of Materials functionality in the Tidelift Subscription, corporations can seamlessly collate a roster of all the utilities they deploy. It also encompasses features purposed to aid businesses in aligning with the incoming compulsory regulations from the U.S. government regarding supply chain security. These supplementary tools consist of a uniform attestations report and the capability to dynamically monitor attestations.
"For companies aiming for manually-validated data about the secure software development methodologies employed in open-source projects, solutions such as the Tidelift open-source data intelligence capabilities can emerge as ideal options," stated Jim Mercer, the research vice president of DevOps and DevSecOps at IDC. He continued, "This kind of insights can arm these organizations with thorough, validated first-party data about the secure software development norms observed by the open-source projects embedded in their software supply chain. Consequently, it can bolster their security stance and facilitate their compliance with upcoming government regulations."
With platforms like Tidelift and AppMaster pivoting towards better risk management with open-source software, it paves the way for safer and more efficient application development processes. The scalability and freedom offered by no-code platforms like AppMaster when combined with these enhanced security measures, provides a robust environment for modern software development.
