S2E20: Tidelift

Open Source Software (OSS) & Software Supply Chain

In this episode of Resilient Cyber, Chris Hughes and Dr. Nikki Robinson talk with Donald Fischer, co-founder and CEO of Tidelift, about managing open source software (OSS) and securing the software supply chain. Donald explains how Tidelift supports organizations by collaborating with open source maintainers to ensure OSS meets enterprise standards. 🛠️

🔑 Key Highlights:

  • The role of Tidelift in managing OSS and ensuring enterprise readiness

  • How open source maintainers are incentivized to meet security, licensing, and maintenance standards

  • The importance of a Software Bill of Materials (SBOM) in understanding what software flows into your applications

  • Lessons learned from high-profile vulnerabilities like Log4Shell and SolarWinds

  • The evolving focus on software supply chain security, especially after recent government mandates

  • How Tidelift blends software tools with human expertise to secure OSS

  • Insights into the future of OSS, security best practices, and maintaining software resilience

Donald shares his thoughts on how organizations can better manage OSS risk while empowering the open source community to contribute securely and sustainably.