
Upstream Resources

Help your organization move upstream!

Upstream community



Tracy Bannon from MITRE talks OSS supply chain security and how to help your overburdened dev team

For years, experts have been telling the government to take stock of the software supply chain by generating software bills of materials and defining standards and policies for use.


The Hacktoberfest maintainer wishlist

Tidelift ecosystem strategy lead Josh Simmons and maintainer Isabel Costa sit down to discuss meaningful ways new contributors can participate in Hacktoberfest.


Supporting the Python community by “shifting left”

Tidelift co-founder Luis Villa and Kevin Fleming, the head of open source community engagement at Bloomberg, chat about ways that corporate users of open source software can partner with the ecosystems that provide that software, in order to improve the end-to-end experience for everyone.


10 questions you should answer before using an open source project

When it comes to open source software security, many organizations rely heavily on software scanning (often called software composition analysis or SCA) as the primary means of defense.

Proactive approach case study

The value of a proactive approach to open source application security

Learn how one large organization saved over $1.6M in manual package evaluation time and eliminated over 3,000 points of risk in applications running in production.


How to reduce your organization's reliance on "bad" open source packages

Tidelift's Lauren Hanford goes over ways to reduce your organization's reliance on “bad” open source packages and reviews what a “bad” open source package really means.