{"id":52622,"date":"2023-10-11T15:36:45","date_gmt":"2023-10-11T19:36:45","guid":{"rendered":"https:\/\/sdtimes.com\/?p=52622"},"modified":"2023-10-11T15:36:45","modified_gmt":"2023-10-11T19:36:45","slug":"tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk","status":"publish","type":"post","link":"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/","title":{"rendered":"Tidelift introduces new intelligence capabilities for minimizing open-source risk"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Tidelift has added new intelligence capabilities that will help customers minimize risk related to using open-source components. These capabilities are being added to <\/span><a href=\"https:\/\/tidelift.com\/subscription\"><span style=\"font-weight: 400;\">Tidelift Subscription<\/span><\/a><span style=\"font-weight: 400;\">, which is a program that provides evaluations on security, licensing, and maintenance risks of open-source software.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The company has access to open-source package intelligence data through partnerships with thousands of open-source projects. It pays the maintainers of those projects to follow secure development practices, like the ones outlined in the NIST Secure Software Development Framework and the OpenSSF Scorecards project.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Tidelift also aggregates data from upstream package managers and source repositories into a centralized format. 
This data is then analyzed by Tidelift\u2019s data team, which provides contextual insights on it.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Tidelift Subscription also includes a Software Bill of Materials feature to enable companies to build a list of all the components that are in use.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It also includes capabilities to help companies meet the upcoming compliance requirements from the U.S. government on supply chain security. These include a standardized attestations report and the ability to dynamically track attestations.\u00a0\u00a0<\/span><\/p>\n<p><b>RELATED CONTENT: <\/b><a href=\"https:\/\/sdtimes.com\/security\/what-the-national-cybersecurity-strategy-means-for-software-providers\/\"><b>What the National Cybersecurity Strategy means for software providers<\/b><\/a><\/p>\n<p><span style=\"font-weight: 400;\">&#8220;Solutions like the Tidelift open source data intelligence capabilities can be ideal for organizations seeking human-validated data on the secure software development practices used in open source projects,&#8221; said Jim Mercer, research vice president of DevOps and DevSecOps at IDC. &#8220;These types of insights can equip organizations with detailed and validated first-party information about the secure software development practices used by the open source projects in their software supply chain that can help them strengthen their security posture and assist them with complying with emerging government compliance requirements.&#8221;<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tidelift has added new intelligence capabilities that will help customers minimize risk related to using open-source components. 
These capabilities are being added to Tidelift Subscription, which is a program that provides evaluations on security, licensing, and maintenance risks of open-source software.\u00a0 The company has access to open-source package intelligence data through partnerships with thousands of  &hellip; <a class=\"read-more\" href=\"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/\">continue reading<\/a><!-- AddThis Advanced Settings generic via filter on get_the_excerpt --><!-- AddThis Share Buttons generic via filter on get_the_excerpt --><\/p>\n","protected":false},"author":752,"featured_media":52623,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"cybocfi_hide_featured_image":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[1],"tags":[102,16101,15092],"coauthors":[11687],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Tidelift introduces new intelligence capabilities for minimizing open-source risk - SD Times<\/title>\n<meta name=\"description\" content=\"Tidelift Subscription is a program that provides evaluations on security, licensing, and maintenance risks of open-source software.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Tidelift introduces new intelligence capabilities for minimizing open-source risk - SD Times\" \/>\n<meta property=\"og:description\" content=\"Tidelift Subscription is a program 
that provides evaluations on security, licensing, and maintenance risks of open-source software.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/\" \/>\n<meta property=\"og:site_name\" content=\"SD Times\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/SDTimesD2\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-11T19:36:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/10\/Screen-Shot-2023-10-11-at-3.36.24-PM.png\" \/>\n\t<meta property=\"og:image:width\" content=\"744\" \/>\n\t<meta property=\"og:image:height\" content=\"786\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Jenna Barron\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sdtimes\" \/>\n<meta name=\"twitter:site\" content=\"@sdtimes\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jenna Barron\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/\"},\"author\":{\"name\":\"Jenna Barron\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786\"},\"headline\":\"Tidelift introduces new intelligence capabilities for minimizing open-source risk\",\"datePublished\":\"2023-10-11T19:36:45+00:00\",\"dateModified\":\"2023-10-11T19:36:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/\"},\"wordCount\":284,\"publisher\":{\"@id\":\"https:\/\/sdtimes.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/10\/Screen-Shot-2023-10-11-at-3.36.24-PM.png\",\"keywords\":[\"open source\",\"Supply Chain Security\",\"Tidelift\"],\"articleSection\":[\"Latest News\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/\",\"url\":\"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/\",\"name\":\"Tidelift introduces new intelligence capabilities for minimizing open-source risk - SD 
Times\",\"isPartOf\":{\"@id\":\"https:\/\/sdtimes.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/10\/Screen-Shot-2023-10-11-at-3.36.24-PM.png\",\"datePublished\":\"2023-10-11T19:36:45+00:00\",\"dateModified\":\"2023-10-11T19:36:45+00:00\",\"description\":\"Tidelift Subscription is a program that provides evaluations on security, licensing, and maintenance risks of open-source software.\",\"breadcrumb\":{\"@id\":\"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/#primaryimage\",\"url\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/10\/Screen-Shot-2023-10-11-at-3.36.24-PM.png\",\"contentUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/10\/Screen-Shot-2023-10-11-at-3.36.24-PM.png\",\"width\":744,\"height\":786},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/sdtimes.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Tidelift introduces new intelligence capabilities for minimizing open-source 
risk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sdtimes.com\/#website\",\"url\":\"https:\/\/sdtimes.com\/\",\"name\":\"SD Times\",\"description\":\"Software Development News\",\"publisher\":{\"@id\":\"https:\/\/sdtimes.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sdtimes.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/sdtimes.com\/#organization\",\"name\":\"SD Times\",\"url\":\"https:\/\/sdtimes.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png\",\"contentUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png\",\"width\":225,\"height\":90,\"caption\":\"SD Times\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/SDTimesD2\",\"https:\/\/x.com\/sdtimes\",\"https:\/\/www.linkedin.com\/company\/sdtimes\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786\",\"name\":\"Jenna Barron\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/image\/b4be3423b187642936e62f121111345e\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g\",\"caption\":\"Jenna Barron\"},\"description\":\"Jenna Barron is News Editor of SD Times.\",\"url\":\"https:\/\/sdtimes.com\/author\/jennifer-sargent\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Tidelift introduces new intelligence capabilities for minimizing open-source risk - SD Times","description":"Tidelift Subscription is a program that provides evaluations on security, licensing, and maintenance risks of open-source software.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/","og_locale":"en_US","og_type":"article","og_title":"Tidelift introduces new intelligence capabilities for minimizing open-source risk - SD Times","og_description":"Tidelift Subscription is a program that provides evaluations on security, licensing, and maintenance risks of open-source software.","og_url":"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/","og_site_name":"SD Times","article_publisher":"https:\/\/www.facebook.com\/SDTimesD2","article_published_time":"2023-10-11T19:36:45+00:00","og_image":[{"width":744,"height":786,"url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/10\/Screen-Shot-2023-10-11-at-3.36.24-PM.png","type":"image\/png"}],"author":"Jenna Barron","twitter_card":"summary_large_image","twitter_creator":"@sdtimes","twitter_site":"@sdtimes","twitter_misc":{"Written by":"Jenna Barron","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/#article","isPartOf":{"@id":"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/"},"author":{"name":"Jenna Barron","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786"},"headline":"Tidelift introduces new intelligence capabilities for minimizing open-source risk","datePublished":"2023-10-11T19:36:45+00:00","dateModified":"2023-10-11T19:36:45+00:00","mainEntityOfPage":{"@id":"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/"},"wordCount":284,"publisher":{"@id":"https:\/\/sdtimes.com\/#organization"},"image":{"@id":"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/#primaryimage"},"thumbnailUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/10\/Screen-Shot-2023-10-11-at-3.36.24-PM.png","keywords":["open source","Supply Chain Security","Tidelift"],"articleSection":["Latest News"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/","url":"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/","name":"Tidelift introduces new intelligence capabilities for minimizing open-source risk - SD 
Times","isPartOf":{"@id":"https:\/\/sdtimes.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/#primaryimage"},"image":{"@id":"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/#primaryimage"},"thumbnailUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/10\/Screen-Shot-2023-10-11-at-3.36.24-PM.png","datePublished":"2023-10-11T19:36:45+00:00","dateModified":"2023-10-11T19:36:45+00:00","description":"Tidelift Subscription is a program that provides evaluations on security, licensing, and maintenance risks of open-source software.","breadcrumb":{"@id":"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/#primaryimage","url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/10\/Screen-Shot-2023-10-11-at-3.36.24-PM.png","contentUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/10\/Screen-Shot-2023-10-11-at-3.36.24-PM.png","width":744,"height":786},{"@type":"BreadcrumbList","@id":"https:\/\/sdtimes.com\/open-source\/tidelift-introduces-new-intelligence-capabilities-for-minimizing-open-source-risk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sdtimes.com\/"},{"@type":"ListItem","position":2,"name":"Tidelift introduces new intelligence capabilities for minimizing open-source risk"}]},{"@type":"WebSite","@id":"https:\/\/sdtimes.com\/#website","url":"https:\/\/sdtimes.com\/","name":"SD 
Times","description":"Software Development News","publisher":{"@id":"https:\/\/sdtimes.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sdtimes.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/sdtimes.com\/#organization","name":"SD Times","url":"https:\/\/sdtimes.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/","url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png","contentUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png","width":225,"height":90,"caption":"SD Times"},"image":{"@id":"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/SDTimesD2","https:\/\/x.com\/sdtimes","https:\/\/www.linkedin.com\/company\/sdtimes\/"]},{"@type":"Person","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786","name":"Jenna Barron","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/image\/b4be3423b187642936e62f121111345e","url":"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g","caption":"Jenna Barron"},"description":"Jenna Barron is News Editor of SD 
Times.","url":"https:\/\/sdtimes.com\/author\/jennifer-sargent\/"}]}},"_links":{"self":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/52622"}],"collection":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/users\/752"}],"replies":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/comments?post=52622"}],"version-history":[{"count":1,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/52622\/revisions"}],"predecessor-version":[{"id":52624,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/52622\/revisions\/52624"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media\/52623"}],"wp:attachment":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media?parent=52622"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/categories?post=52622"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/tags?post=52622"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/coauthors?post=52622"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}