Luis Villa
Co-founder and Upstream host, Tidelift

Welcome to Upstream 2024: Unusual ideas to solve the usual problems

A recent Harvard Business School study estimated that open source software is worth $8.8 trillion. To put that in perspective, the US interstate highway system is valued at only $742 billion and the entire U.S. electrical grid at only $1.5 to 2 trillion. So, in a world where open source has become one of the most valuable pieces of infrastructure we have, why are open source health and security still not solved problems? In the wake of the recent xz Utils backdoor, in which an unpaid and underappreciated open source maintainer was taken advantage of by a patient, highly sophisticated attacker, Luis Villa will use this opening talk to make the case that our current way of “fixing” open source health and security is simply not working, and that we need to explore new ideas that match the value of what we have created. We will surface some of the best ideas we have heard over the course of the day.

10 questions you should answer before using an open source project

When it comes to open source software security, many organizations rely heavily on scanning already-installed packages for known vulnerabilities (software composition analysis, or SCA) as their primary means of defense. These questions are meant to be asked before a package is adopted, not after.

The value of a proactive approach to open source application security

Learn how one large organization saved over $1.6M in manual package evaluation time and eliminated over 3,000 points of risk in applications running in production.

The guide to reducing security risk from bad open source packages

In this guide, we'll discuss how your organization can reduce risk by avoiding “bad” open source packages.