Tidelift, the Boston-based startup focused on “making open source software better for everyone,” has expanded rapidly and has added new capabilities for application development teams.
It sells subscriptions to client companies and uses the fees it collects to compensate maintainers of open source projects that don’t have a sponsor company behind them.
- The subscription database monitors 3 million open source projects.
- Subscription now includes open source dependency analysis with identification and resolution of security, licensing, and maintenance issues in direct partnership with open source maintainers.
“We’re partnering with creators and maintainers of a vast array of community-led open source projects to introduce the concept of managed open source, where organizations can save time and reduce risk by paying Tidelift’s participating maintainers to ensure their packages meet uniform and comprehensive commercial standards,” said Donald Fischer, Tidelift co-founder and CEO.
While companies often no longer maintain servers or databases in-house, “in most cases application development teams are still incurring all the pain and energy of maintaining their open source components themselves,” Fischer said.
“We’re trying to let them get that off their plate as well. It lets your developers work on your application, not the pieces going into it, but still have confidence that those pieces are secure, the licensing is locked down, they’re being actively maintained and they’re going to keep working.”
The New Stack analyst Lawrence Hecht reported previously that poor documentation and a negative track record for security are among the top reasons companies do not use an open source technology, and that nearly 75% of developers spend more than 10 hours a month handling open source vulnerabilities.
While it’s still too early for maintainers to quit their day jobs, Tidelift compensation is growing.
“Our largest payout for individual open source packages is in the neighborhood of $30,000 and you can maintain more than one package. … That’s really the end game with Tidelift…. We think there should be this new job category in the world — a full-time open source maintainer, where you’re not just moonlighting or it’s a side [part] of your day job. That should be people’s day job,” Fischer said.
New software tools include an overview of security vulnerabilities, licensing issues, and technical concerns across dependencies, at-a-glance metrics that help developers gauge how package updates affect their applications, and recommendations on when to upgrade key frameworks and libraries.
The company is offering as a free service an open source dependency analyzer that enables development teams to learn about the state of the dependencies within applications they’re building. By sharing the package manager files from one of the projects, Tidelift will analyze them and provide three suggestions on things to address today.
“If getting funding requires a great deal of time and maintenance beyond what’s required by the project itself, I’m just trading one sustainability problem for another,” he said.
“Tidelift is the first solution I’ve seen that allows me to get paid for the value I’m already creating as a developer and maintainer, without the concerns and stress of fundraising. I absolutely love their model. It’s stress-free, and it’s scalable.”
In January, the company announced $25 million in a Series B funding round, which follows a $15 million Series A seven months previously.
Tidelift is a sponsor of The New Stack.
Feature image via Pixabay.