Big news! Sonar has entered a definitive agreement to acquire Tidelift to enhance the security and resilience of open source software. Together, we’re raising the bar for code quality and security. Read the blog post from our CEO Donald Fischer:

Spoke to @PallardyCarrie for @InformationWeek on @CISAgov's Secure by Design pledge, OSS maintainers, and what comes next: "@tidelift is not only applying the principles in the pledge to its own software, but also helping open source maintainers achieve the pledge goals."

Missed the @tidelift Upstream event? You can watch them on demand now! Particularly my great discussion with Donald Fischer is available now, where we talk about patch management needing a revolution!

Fun fact: this @finosfoundation panel live right now was the first panel we filmed for #Upstream2024 this year! And now is finally your chance to hear from #finserv experts like @mindthegabz, @tosha_ellison, and @jm_stuff. @dff is your host. Join here: https://t.co/qe14DVM1Ra

Live now! 📣 #Upstream2024 Two of @CISAgov's leading security experts, @jackhcable & @aevavoom, join @dff to provide insights on the industry-wide effort they are leading to make #security a core business requirement in products 🔒 Watch here: https://t.co/x1uVo0Ml7E

"companies have a fiduciary duty to their shareholders to invest in their infrastructure and that includes open source" - @ljharb at @tidelift 's upstream 🙌🙌🙌

💥 It's a new Changelog & Friends! 💡 Is it too late to opt out of AI? 🤩 with @luis_in_brief from @tidelift 🫡 with @jerodsanto & @adamstac 🎧

The xz Hack Revealed a Looming $8.8 Trillion Infrastructure Disaster https://t.co/bGhITDh3rs @luis_in_brief #xzhack #security #cybersecurity #hacking

"The XZ utils hack brings into stark relief the risks of under-investing in the health and resilience of the open source software supply chain [that] enterprise organizations rely on," @tidelift's @dff says.

Software liability changes are coming. Are you ready? 👀 @tidelift CEO @dff shares highlights from new gov't #cybersecurity developments and offers recommended next steps towards demonstrating that your business is following the prescribed best practices https://t.co/EhVfjrzew4

We're so happy to share that @tidelift has officially joined @FINOSFoundation, the Fintech Open Source Foundation! 🎉 Tidelift CEO @dff talks about why this is an exciting development over on our blog: https://t.co/jepmfBRWRg Read our press release:

Gutsy manifesto from @unisonweb: Developing cloud software today is complicated in a very strange way: a lot of the work you end up doing is not programming. What could be possible if you rethought this from the programming language up? They did. https://t.co/fJ2oPAnots

We’re officially in the new year 🎉 What’s to come? 🤔 Join us Thurs, Jan. 18 at 2 p.m. ET, when @tidelift co-founders @dff & @luis_in_brief, @RedMonk analyst @drkellyannfitz, & npm maintainer @ljharb come together to look into their crystal balls 🔮 https://t.co/mz4FYFSWPp

Tune in tomorrow to see what my brilliant fellow panelists (@BrittanyIstenes, @ljharb, and @tidelift co-founders @dff & @luis_in_brief) predict for #OSS in 2024

Our @tidelift response to @ONCD RFI: Open source developers are long on passion, but short on time. Pay independent maintainers to ensure, and attest to, the secure software development practices followed by their projects. We brought the data. https://t.co/RNZriTLGem

What could you do with first-party open source software intelligence data, built in partnership with upstream maintainers? Need to comply with new government cybersecurity regulations? Check out @tidelift's new API & compliance reporting capabilities! https://t.co/x3PCFhDjlc

This week @CISAgov published the Open Source Software Security Roadmap and in it, the agency highlighted the need to support a secure and sustainable #OSS ecosystem https://t.co/6vyvDu4dkZ

CISA's new Open Source Software Security Roadmap highlights plans to: 🏛 Establish @CISAgov's role in supporting the security of OSS 🔍 Drive visibility into OSS usage and risks ⚡ Reduce risks to the federal government 💎 Harden the OSS ecosystem https://t.co/P4zyFP27Ai

Ahead of #OSSummitEU, we explored the matter of how #opensource #maintainers can get paid. Thanks to @ljharb@TweetfromHilary @dff @code_barbarian and Stormy Peters of @github for their help. https://t.co/9JZ6sWLuDf

Get the TL;DR from @tidelift CEO @dff in @securityblvd on the latest U.S. government cybersecurity requirements and what they mean for software vendors selling to the government https://t.co/gT7NckLU34