Securing your open-source software supply chain with Tidelift catalogs

February 3, 2021
in Internet Security
Do you think about what routines, sub-programs, and libraries go into the software you use? You should. The SolarWinds security disaster, which will be causing trouble from now until the end of 2021, happened because the company fouled up its software supply chain. This, in turn, screwed millions of users. Open source can help prevent such disasters, but open-source methods need more supply chain improvements too. Now, Tidelift, an open-source management company, has a way to help manage the open-source software supply chain's health and security with Tidelift catalogs.

With catalogs, part of the Tidelift Subscription, companies get a comprehensive approach to curating, tracking, and managing their open-source components. This works whether you're using other groups' open-source programs or your own "inner-source" code. Here's how:

  • A paved path: Organizations can accelerate development and reduce security and licensing-related risk by defining and curating catalogs of known-good, proactively maintained open source components. Developers can draw from them safely without fear of late-breaking deployment blockers.

  • Clear policies: Organizations can set and automatically enforce standards early in the development lifecycle, such as an organization’s license policies.

  • Integrated experience: The Tidelift Subscription integrates with existing source code and repository management tools so developers don’t need to change their workflow. They can pull approved components and submit new ones for approval directly from the command line.
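The "paved path" and "clear policies" points above come down to one gate: every dependency must be an exact, approved version from a curated catalog whose license passes the organization's policy, checked before code merges. The Python below is an added illustration of that gate, not Tidelift's code or API; the catalog, license allow-list and requirements manifest are all constructed sample data.

```python
import re
# Constructed sample catalog (not Tidelift data): name -> approved versions, license.
CATALOG = {
    "requests": {"versions": {"2.25.1"}, "license": "Apache-2.0"},
    "flask": {"versions": {"1.1.2"}, "license": "BSD-3-Clause"},
    "click": {"versions": {"7.1.2"}, "license": "BSD-3-Clause"},
    "leftpad-clone": {"versions": {"0.1.0"}, "license": "AGPL-3.0"},
}
ALLOWED_LICENSES = {"MIT", "BSD-3-Clause", "Apache-2.0"}  # constructed org policy
NAME_SPEC = re.compile(r"^([A-Za-z0-9_.-]*)\s*(.*)$")  # always matches
PIN = re.compile(r"^==\s*([A-Za-z0-9_.+-]+)$")        # exact pin only

def parse_requirements(text):
    """(name, pinned version or None) per requirements.txt line. Comments and blanks
    are skipped; anything other than an exact '==' pin (ranges, URLs) is unpinned."""
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, spec = NAME_SPEC.match(line).groups()
        pin = PIN.match(spec.strip())
        deps.append((name.lower(), pin.group(1) if pin else None))
    return deps

def check_manifest(text, catalog=CATALOG, allowed=ALLOWED_LICENSES):
    """Gate a manifest in review order: curated at all? pinned? exact version
    approved? license within policy? Returns (package, version, reason) tuples;
    an empty list means every dependency is on the paved path."""
    findings = []
    for name, version in parse_requirements(text):
        entry = catalog.get(name)
        if entry is None:
            findings.append((name, version, "not in catalog"))
        elif version is None:
            findings.append((name, None, "unpinned version"))
        elif version not in entry["versions"]:
            findings.append((name, version, "version not approved"))
        elif entry["license"] not in allowed:
            findings.append((name, version, f"license {entry['license']} not allowed"))
    return findings

SAMPLE_MANIFEST = """\
requests==2.25.1      # constructed manifest: curated and approved, passes
Flask==1.1.3          # curated, but this version was never approved
leftpad-clone==0.1.0  # approved version, yet AGPL-3.0 violates policy
untracked-lib==4.2.0  # never reviewed, so not on the paved path
click                 # curated but unpinned: cannot match an approval
"""
```

Run as a pre-merge check, a non-empty result from `check_manifest` is the "late-breaking deployment blocker" caught early instead of at release time.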

Don't think that's important to your company because you "don't use open source"? Oh please! A recent Tidelift study showed that 92% of enterprise software projects contain open-source dependencies and, in those projects, as much as 70% or more of the code was open source. I live and breathe software development; I think those numbers are on the low side.

Donald Fischer, Tidelift's CEO and co-founder, explained, "As software supply chain security makes frontpage news in 2021, it's more important than ever that application development teams employ a comprehensive approach to managing the open-source components that make up their applications. With the addition of catalogs to the Tidelift Subscription, organizations can be confident that they are using open source safely without slowing down development."

That's easy to say, but can you prove it? Tidelift thinks it can by introducing its first set of Tidelift-managed catalogs. With these, your developers can pull from Tidelift-managed catalogs of known-good, proactively maintained components that cover common language frameworks such as JavaScript, Python, Java, Ruby, PHP, .NET, and Rust, backed by Tidelift and its partnered maintainers.

These can give your business a head start on building approved components for your development teams. Your programmers will soon let you know if these catalogs really are enterprise-ready and meet their needs for clearly defined security, maintenance, and licensing programs.

This isn’t just for your programmers though. The company claims that with catalogs in place, the Tidelift Subscription can help people throughout your business. Specifically:

  • For managers: Increase development velocity while ensuring development teams are building with safe, approved, and compliant components from the start.

  • For developers: Move fast and avoid rework, eliminating late-breaking surprises that slow down development by using pre-approved, known-good components.

  • For information security: Get a single place to define, review, and enforce policies around security vulnerabilities in open-source components.

  • For legal: Get a single place to define, review, and enforce license policies and get indemnification to protect against licensing-related risk.

Tidelift's not wrong. If they can deliver the goods with their catalogs, your company will benefit.

As Al Gillen, IDC’s Group VP of Software Development and Open Source, said in a statement: “Recent software supply chain security compromises remind the industry how important it is to know where your software components come from, and to be able to trust those components. Open-source software is not immune to potential vulnerabilities, so it makes great sense to give your software development staff easy access to the components they need that meet enterprise standards. Tidelift’s expansion of the Tidelift Subscription to include catalogs of known-good open source addresses this need by collecting in one location a full suite of key open-source components that an organization relies on.”

If I were developing open-source software today, I'd be sure to kick Tidelift's wheels. It might just be what we need until the day comes when we have what David A. Wheeler, the Linux Foundation's director of Open Source Supply Chain Security, has called verified reproducible builds. These are source code builds which "always produces the same outputs given the same inputs so that the build results can be verified. A verified reproducible build is a process where independent organizations produce a build from source code and verify that the built results come from the claimed source code".

We won't be there for a while yet, so in the meantime, approaches such as Tidelift's make perfect sense.

Credit: Zdnet