Tidelift ✨

Cover image for $27m to improve open source health and security with Tidelift’s partnered maintainers
Lyn Muldrow for Tidelift

Posted on

$27m to improve open source health and security with Tidelift’s partnered maintainers

Today we’re excited to announce that Tidelift has closed on $27 million of Series C funding, led by Dorilton Ventures with participation by Kaiser Permanente, Atlassian Ventures, General Catalyst, and Foundry Group.

Here’s what this means for you.

Open source is an opportunity so big it’s hard to see

Like so many things in modern life, the scale of the modern open source software movement boggles the mind. Millions of projects. 90% of applications contain open source. Open source makes up 70% or more of any given application.

Open source software is so pervasive, it can become invisible.

But software is a human artifact. It’s made by people. In the case of the libraries, frameworks, and packages that make up most of the code in modern applications, the overwhelming majority of the people behind that code never signed up to be part of some organization’s “software supply chain.”

But the fact is: we collectively rely on the maintainers of open source.

And that’s an opportunity for everyone.

Maintainers are the key to open source software supply chain security

We founded Tidelift to pursue a simple, but powerful idea: for every popular open source package, some person or team made that software. Millions of other people, in thousands of organizations, rely on that software. Can we align the interests of those humans in a novel way where everyone wins, by paying the maintainers to comprehensively validate that their packages meet defined, production-ready standards?

Over the past few years, we’ve proven that, in fact, we can—and that we can scale it.

Tidelift now partners with the maintainers of thousands of popular open source projects used in application development. We’ve paid millions of dollars directly to independent open source maintainers. We’ve built a software platform that helps organizations that serve our society—financial institutions, health care providers, technology companies, government agencies—improve the health of the open source that flows into the applications that their customers, employees, and citizens rely on. Just last week, we were named a 2022 Gartner® Cool Vendor.

Tidelift has demonstrated the win-win.

Now it’s time for the creators and consumers of open source software to win even bigger, together.

New energy and attention, but still powered by people
The conversation around open source supply chain security continues to evolve. In the aftermath of Log4Shell and similar jarring episodes, governments, industry consortia, and organizations of all types are weighing in with proposed requirements, standards, and specifications.

All this fresh energy and activity is tremendous, and long overdue. It’s shining a spotlight on issues that too many have taken for granted for too long.

But amid all this commotion, we can’t forget: there are still people behind all that open source software.

All the specifications, standards, and tools in the world won’t help us if we can’t align the interests of the humans who create and the humans who rely on open source software.

That’s why we’re thrilled to have secured this new funding, inviting some new partners to the table, helping us scale Tidelift so that we can serve the needs of even more organizations and even more open source maintainers.

Top comments (0)