- What makes Tidelift’s solution stand out is the organization’s partnership with the maintainers of open-source projects.
- The firm collaborates with thousands of open-source project maintainers to assess the security of components and collect advice on vulnerabilities.
Tidelift, an open-source supply chain security provider, revealed that it had secured USD27 million in a Series C funding round led by Dorilton Ventures. The Boston-based firm will use the funds to expand its operations and business reach to help mitigate health and security issues in open-source software.
Tidelift’s open-source administration answer, the Tidelift subscription, offers organizations a tool to create, track, and manage a complete catalogue of approved open-source parts to help them avoid using insecure components in their environments.
The firm also collaborates with thousands of open-source project maintainers to assess the security of components and collect advice on vulnerabilities.
This strategy has been designed to allow software growth teams to rapidly identify safe, open-source tools quickly while avoiding implementing any vulnerabilities within the surroundings that unscrupulous attackers may exploit.
Cracking down on open-source vulnerabilities
The announcement has come close to a wide crackdown launched on open-source threats across industries with the White Home Open Supply Safety Summit II not too long ago happening earlier this month and several tech giants, including Amazon, Google, and Microsoft, pledging millions of dollars to bolster the security of open-source software.
Tidelift is among the suppliers in the neighbourhood enjoying a direct function in securing the open supply provide chain, partnering with the maintainers of open-source projects, and paying them to improve the health and security of their solutions. At the same time, it provides development teams with a solution to add new components into the workflow.
“We help developers move fast by streamlining the development process to remove obstacles that slow down application development. Development teams can improve decision making with contextually relevant, maintainer-originated data made available directly in the software development lifecycle,” said co-founder and CEO of Tidelift, Donald Fischer.
“They can also create a catalogue of prevetted, approved open-source components that reduce duplicative work and accelerates development,” Fischer said.
The providers addressing open-source supply chain security
Tidelift’s investment additionally coincides with the massive growth of the global security and vulnerability management market, which is projected to grow from USD13.8 billion in 2021 to USD18.7 billion by 2026. The market size is expected to grow as organizations want to secure their environments and the software supply chain against threat actors.
Tidelift’s competitors are many, including FOSSA, which raised USD23.2 million in a Series B round of funding in 2020. The latter offers an open-source management platform with zero-configuration scanning for application vulnerabilities, end-to-end third-party code management, and license compliance.
Yet another competitor is Snyk, a solution that can automatically identify and remediate vulnerabilities in code, dependencies, or containers with security intelligence. The firm became one of the biggest providers focusing on securing the software supply chain recently as it raised USD530 million and achieved a USD8.5 billion valuation in September last year.
What makes Tidelift’s solution stand out is the organization’s partnership with the maintainers of open-source projects.
“We partner with them to ensure projects are enterprise-ready, meeting clearly defined security, licensing, and maintenance standards. And we pay them for the additional value they create by maintaining their projects to enterprise standards,” Fischer said.