
tidelift.com

Founded Year

2017

Stage

Series C | Alive

Total Raised

$73.5M

Last Raised

$33.5M | 4 mos ago


About Tidelift

Tidelift gives open source maintainers and project teams a platform and market for building highly profitable businesses around their projects. The platform provides the tools and audience necessary for them to deliver a professional and financially viable software experience. The company was founded in 2017 and is based in Boston, Massachusetts.

Tidelift Headquarters Location

50 Milk St, 16th Floor
Boston, Massachusetts 02109
United States


Research containing Tidelift

CB Insights Intelligence Analysts have mentioned Tidelift in 1 CB Insights research brief, most recently on May 25, 2022.

Latest Tidelift News

Neglecting Open Source Developers Puts the Internet at Risk

Sep 23, 2022

From creating a software bill of materials for the applications your company uses to supporting open source projects and maintainers, businesses need to step up their efforts to help reduce risk.

Software is at the core of all modern businesses and is crucial in every aspect of operations. Almost every business uses open source software, knowingly or otherwise, since even proprietary software depends on open source libraries. OpenUK's 2022 "State of Open" report found that 89% of businesses rely on open source software, but not all of them are clear on the details of the software they rely on.

Businesses are increasingly demanding more information about their operation-critical software. Responsible businesses take a detailed interest in their software supply chain and create a software bill of materials (SBOM) for each application. This level of information is crucial so that when a security flaw is identified in their software, they can immediately be certain which software and versions are in use and which systems are affected. Knowledge is power in these situations.

Reliance on Volunteers

In late 2021, a security vulnerability called Log4Shell (CVE-2021-44228) was identified in Log4j, a widely used Java logging library. Since the library is widely used and open source, the vulnerability was well publicized and fixes were expected. However, the maintainers of the project were volunteers. They had day jobs and were not on call for urgent security fixes, even though a large number of systems were affected. This one vulnerability was estimated to have affected 93% of enterprise cloud environments. At the time there was some negative press about open source, but the truth is that if this had been a closed-source component, the vulnerability might never have become publicly known, leaving organizations open to attack. The open source nature of the library meant that it could be inspected, the problem found, and advice offered by others.

So, yes, the maintainers weren't on call for security problems in their volunteer project. The big question, then, is how we got into a situation where major companies depend on software that is the responsibility of someone who does something else to pay their bills. Neglect of software dependencies is risky whatever the license of the software, but when the software is open source and very widely used, it becomes especially dangerous. Sticking with the story of this one vulnerability: the problem had existed in the codebase for years but wasn't spotted. The tool that was so widely used was not, in fact, so widely supported, and what happened next is history. This story is repeated over and over, across many businesses that have critical dependencies but take no action to support either the maintainers or the projects themselves.

Having an SBOM for the software a business uses means the information is on hand when it is needed. For organizations that supply software to others, supplying the SBOM alongside the code is increasingly the norm.

Know Dependencies to Assess Risk

Knowing the dependencies makes it easier to assess the risk associated with each one. Open source projects are the simplest to assess: are issues responded to, and have there been any releases recently? Being able to see the maintainers and project activity for each project gives good insight into the project's health.

Businesses can play their part in reducing the risk by supporting the projects on which they depend. Some projects accept sponsorship directly via the GitHub Sponsors scheme; others might instead appreciate offers of hosting or a security audit. Every open source project appreciates contributions. If your business had created this library itself, the engineers inside the company would have to fix every bug themselves. Open source is more like a shared ownership scheme: we don't all have to build the same thing repeatedly, but can each contribute, which is both less effort and leads to better quality.

One of the most impactful things businesses can do is use a little of their engineering resources to contribute bug fixes or features to the projects that are core to the business. Keeping your own engineers involved in a project has many benefits. They get to know it and can keep an eye on new features or on when a new release is available. Crucially, the business has insight into the health and status of the project it depends on and is part of what keeps it healthy, reducing the risk to the business of a problem with a dependency. A number of organizations, including Aiven, have an OSPO (open source program office), with staff dedicated to contributing to, or even maintaining, the projects the organization uses. These departments often contribute to the general presence of the company in the open source ecosystem and enable other employees to engage with open source.

Another approach is to support the organizations that exist to support open source. The OpenSSF (Open Source Security Foundation) works to improve the security of open source projects and is funded by the organizations that depend on those projects. It also publishes excellent learning resources so that businesses can educate themselves about the risks of the software they use. Another similar organization is Tidelift, which partners with maintainers to ensure certain basic requirements are met, again funded by the organizations that depend on the projects. Tidelift also provides tooling and education to help businesses manage their software supply chain and adopt best practices in this area.

Securing a Safer Software Future

Businesses depend on software, and this includes open source software, which is widely used and typically more secure than proprietary alternatives. Using it is a smart move, but an even smarter move is to have clear knowledge of the software supply chain and its dependencies. When a problem does arise, depending on healthy projects and having the details of your software available helps every organization. If every organization did this, the risk from events such as the Log4Shell vulnerability would be reduced.
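The SBOM lookup the article describes, as an added example (not code from the article, Tidelift, Aiven or CB Insights): given one CycloneDX-style SBOM per deployed application, find every application that ships a log4j-core version inside the CVE-2021-44228 affected range, so that "which versions are in use and which systems are affected" is a query rather than a scramble. The SBOM documents, application names and the Advisory record are constructed for this example. The range 2.0-beta9 (inclusive) to 2.15.0 (exclusive) follows the public advisory, but the backported security releases on the 2.12.x and 2.3.x branches are not modelled, so a real check should carry one Advisory entry per range listed in the vendor advisory. The version ordering handles Maven-style pre-release tags, because a naive string or float comparison gets 2.0-beta9 wrong.

```python
"""Match per-application SBOMs against a version-range advisory (added example)."""
import json
import re
from dataclasses import dataclass
from typing import Iterator

# Constructed sample data: one CycloneDX-style JSON SBOM per deployed application.
# Only the fields the lookup needs are included.
SBOMS = {
    "billing-api": json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
             "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
            {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-api",
             "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1"},
        ],
    }),
    "legacy-batch": json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            # CycloneDX allows nested components; the lookup must descend into them.
            {"type": "library", "group": "com.example", "name": "batch-logging-bundle",
             "version": "1.0",
             "components": [
                 {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
                  "version": "2.0-beta9",
                  "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta9"},
             ]},
        ],
    }),
    "reporting": json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
             "version": "2.17.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
            # Log4j 1.x has different coordinates and is outside this advisory's range.
            {"type": "library", "group": "log4j", "name": "log4j",
             "version": "1.2.17", "purl": "pkg:maven/log4j/log4j@1.2.17"},
        ],
    }),
}


@dataclass(frozen=True)
class Advisory:
    """One affected range: introduced (inclusive) up to fixed (exclusive)."""
    cve: str
    group: str
    name: str
    introduced: str
    fixed: str


# Log4Shell: log4j-core 2.0-beta9 through 2.14.1, first fixed in 2.15.0.
# Backported fixes on the 2.12.x and 2.3.x branches are not modelled here (assumption
# for brevity); a production check carries one Advisory per range in the vendor advisory.
LOG4SHELL = Advisory("CVE-2021-44228", "org.apache.logging.log4j", "log4j-core",
                     introduced="2.0-beta9", fixed="2.15.0")

_PRERELEASE = re.compile(r"^([A-Za-z]+)(\d*)$")


def parse_version(version: str) -> tuple:
    """Sort key for Maven-style versions such as 2.14.1 or 2.0-beta9.

    A pre-release tag (-beta9, -rc1) sorts before the final release with the
    same numeric part, so 2.0-beta9 < 2.0-rc1 < 2.0 < 2.0.1 < 2.14.1.
    """
    core, _, pre = version.partition("-")
    nums = [int(p) for p in core.split(".") if p.isdigit()]
    nums += [0] * (3 - len(nums))          # pad so 2.0 compares equal to 2.0.0
    if not pre:
        return (tuple(nums), 1, "", 0)
    m = _PRERELEASE.match(pre)
    tag, num = (m.group(1).lower(), int(m.group(2) or 0)) if m else (pre.lower(), 0)
    return (tuple(nums), 0, tag, num)


def is_affected(version: str, adv: Advisory) -> bool:
    """True when introduced <= version < fixed under parse_version ordering."""
    key = parse_version(version)
    return parse_version(adv.introduced) <= key < parse_version(adv.fixed)


def iter_components(bom: dict) -> Iterator[dict]:
    """Yield every component in a CycloneDX document, including nested ones."""
    stack = list(bom.get("components", []))
    while stack:
        component = stack.pop()
        yield component
        stack.extend(component.get("components", []))


def affected_components(sboms: dict, adv: Advisory) -> list:
    """Return [{application, purl, version, cve}] for every hit across all SBOMs."""
    hits = []
    for app, raw in sboms.items():
        for c in iter_components(json.loads(raw)):
            if (c.get("group"), c.get("name")) != (adv.group, adv.name):
                continue
            if is_affected(c.get("version", ""), adv):
                hits.append({"application": app, "purl": c.get("purl"),
                             "version": c["version"], "cve": adv.cve})
    return sorted(hits, key=lambda h: (h["application"], h["version"]))


if __name__ == "__main__":
    for hit in affected_components(SBOMS, LOG4SHELL):
        print(f'{hit["application"]}: {hit["purl"]} affected by {hit["cve"]}')
```

Run as a script it reports billing-api (2.14.1) and legacy-batch (2.0-beta9, found inside a nested component) and stays silent on reporting, whose log4j-core is already 2.17.1 and whose Log4j 1.x artifact has different coordinates. Matching on group and name rather than on a substring of the purl is deliberate: "log4j" appears in many unrelated artifact names, and a loose match produces the false positives that make teams stop trusting their SBOM queries.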

  • When was Tidelift founded?

    Tidelift was founded in 2017.

  • Where is Tidelift's headquarters?

    Tidelift's headquarters is located at 50 Milk St, Boston.

  • What is Tidelift's latest funding round?

    Tidelift's latest funding round is Series C.

  • How much did Tidelift raise?

    Tidelift raised a total of $73.5M.

  • Who are the investors of Tidelift?

    Investors of Tidelift include General Catalyst, Foundry Group, AE Industrial Partners, Cisco Investments, AEI HorizonX and 6 more.

  • Who are Tidelift's competitors?

    Competitors of Tidelift include Snyk and 2 more.

You May Also Like

Chainguard

Chainguard is a supply chain security firm that offers the Chainguard Services program. Its program provides supply chain audits, trainings, and integration services to make its clients' security platforms more secure. The company was founded in 2021 and is based in Kirkland, Washington.

Cymulate

Cymulate is a cybersecurity startup that conducts penetration tests. The company develops a platform enabling enterprises to simulate cyber attacks while testing the security system's resilience from the potential attacker's perspective. Among other things, it assesses an enterprise's readiness for ransomware and phishing attacks and for detecting more complicated breaches through which hackers can take over an enterprise's computers and apps. The platform offers solutions such as security posture management, exposure management, phishing awareness, external attack surface management, and more. The company was founded in 2016 and is based in Tel Aviv, Israel.

Bugcrowd

Bugcrowd provides Crowdcontrol, which is used by companies to proactively uncover and resolve security bugs in their products, leveraging a vetted community of more than 27,000 security researchers. The company also provides a range of responsible disclosure and managed service options that allow companies to commission a customized security testing program that fits their specific requirements.

SafeBreach

SafeBreach provides a platform that simulates hacker breach methods across the entire kill chain to identify breach scenarios in environments before an attacker does.

Skybox Security

Skybox Security is a provider of proactive security management solutions, offering automated tools that find and prioritize cyber risks such as vulnerabilities, firewall configuration errors, and access compliance issues. The company's solutions help IT security personnel continuously monitor security risks that could lead to a data breach or cyber-attack.

HackerOne

HackerOne is a vulnerability management and bug bounty platform. HackerOne empowers companies to protect consumer data, trust, and loyalty by working with the global research community to surface the most relevant security issues.
