A few weeks ago at Upstream, Tidelift co-founder Luis Villa sat down with HBS professor Frank Nagle to discuss his recent report that estimated the value of the open source ecosystem at 👉 8.8 trillion dollars 👈 . By way of comparison, the U.S. Interstate Highway System is valued at only $742 billion, and the entire U.S. electrical grid is valued at only $1.5 trillion to $2 trillion. Beyond the fact that $8.8 trillion is a very, very large number, in this clip from the talk, Dr. Nagle explains why he thinks the study hit a nerve, as it came out at a time when government and industry are increasingly focused on new policy and technology solutions for improving open source health and security in the wake of recent well-publicized attacks impacting open source. From the talk: "This is coming out of the log4j incident and, very recently, the xz incident. People, even if they know nothing about open source, are starting to understand that it is really important." I highly recommend watching the full talk, which you can find here: https://lnkd.in/gkKhk_n8
Chris Grams’ Post
As of this morning, the 2024 Tidelift maintainer survey is now open and accepting responses! 📬 If you are an open source maintainer and fill out the survey, we'll send you the 👉 trippy new pay the maintainers t-shirt 👈 we made for Upstream this year. If you are a lifter (one of Tidelift's maintainer partners), we'll also send you a special new Tidelift lifter hoodie! 🙌 The data we've collected in our first two maintainer surveys has been widely cited to help make the case for investing more in the maintainer ecosystem, so every response we get helps make the dataset more robust and useful. Tagging the lifters I know are on LinkedIn in the hopes that you'll share this here or anywhere you hang out with other maintainers. Thanks in advance Jordan Harband Seth Michael Larson Jeffrey Clark Valeri Karpov Wesley Beary Gary Gregory Tatu Saloranta Ned Batchelder Andres Almiray Forbes Lindesay Jason R. Coombs Jesse McConnell Pelle Wessman Reinier Zwitserloot Stephen Colebourne for any help you can provide to spread the word! 🙏 Survey link below, my blog post announcing the survey, and links to previous survey reports in the comments! https://lnkd.in/g-MRuH5u
James Berthoty is a unicorn in the software security space who communicates about complex subjects clearly. 🦄 In this clip from his excellent Upstream talk a few weeks ago, he argues that if organizations are going to see open source maintainers as vendors, they actually need to treat them like they would treat any of their other vendors. From the talk: "We call open source maintainers vendors when we treat them like vendors, and we publish CVEs and expect them to fix them as if they are contractors. So we should actually 👉 pay them and have some kind of contract in place 👈 as though they are vendors or contractors to establish the relationship ahead of time. It's 👉 extremely unfair 👈 how we expect them to patch CVEs without having any formal relationship to us." 🎤 💧 💪 Watch the full talk here: https://lnkd.in/g3cUDzWY cc: Tidelift
A few months ago I went to the RSA Conference for the first time and, as a professional communicator, I'm not gonna lie, I was bummed by what I saw there. 😳 My friends, the state of clear communication in the software security industry is... not strong. 🥨 Part of it is simply that we exist in a complicated, confusing space, with lots of edge solutions that address one small part of an overwhelmingly large security problem. But there is also just a lot of meaningless jargon and acronyms, abstract messaging that is too technical or not technical enough, and a !@#$ton of FUD. I came back wanting to see if Tidelift could do our part to communicate better, try to simplify what we do into words actual humans use. Here's one result of that effort: a new three minute video explanation of what Tidelift does and how we help our customers, coming from a very simple premise: 1️⃣ Problem: Using bad open source packages slows teams down and creates risk to organizations' revenue, data, and customers. 2️⃣ How Tidelift helps: Tidelift helps organizations proactively reduce their reliance on bad open source packages. 3️⃣ Why we are different from any other solution: We are the only company that partners with the maintainers of 1000s of the most-relied-upon open source packages and pays them to make their packages healthier and more secure. Take a watch, see how you think we did! 📽 Thanks also to Kanishka S. for his leadership on this project + my longtime video collaborator Tim Kiernan and Peter Sperrazza for their excellent production and animation work! You can also access the video on youtube here: https://lnkd.in/g2n93_mn
Dropping some interesting news this morning as our own Lauren Hanford here at Tidelift HQ 🏢 announced that we've expanded our dataset to include open source package version-level end of life data and additional reporting capabilities. Full blog post with the announcement is here: https://lnkd.in/gWBT695h So why does this matter? Because packages and versions that have been declared end of life 🚨 no longer receive security updates 🚨 , many Tidelift customers have been looking to get a better handle on which of the package versions they use directly, or pull in as transitive dependencies, have been marked as end of life. The answer is often a bit scarier than they think 😅 , especially when it comes to transitive dependencies, so these new capabilities help our customers get a handle on exactly what the EOL risk looks like today AND 👉 get a sense for which packages represent the biggest risk 👈 so they can triage the important stuff first. As an example, check out this graphic below. This shows how a customer could quickly prioritize which end of life packages and versions to update first based on CVE scores + how many version majors behind the package/version is + how many applications are relying on it within the organization. The red circle shows a package that is relied on by 47 applications and is 3.5 majors behind with a CVE score of 9.8. I'd hit that one first! 🎯 Conversely, the green circle represents a package that is only 1.8 majors behind, with a CVE score of 4.3, and only 4 apps use it. Could save that one to fix on a rainy day! 🌧 For organizations that are overwhelmed with vulnerability reports and struggling to figure out where to prioritize their efforts, this represents a HUGE step forward in smartly reducing application risk. Cool stuff!
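The triage the post describes, ranking end-of-life packages by CVE score, majors behind and application count, as an added example that is not Tidelift's code or data. The dependency inventory and the EOL/CVSS metadata are constructed, "majors behind" is computed per application and averaged (which is how a fractional figure like the post's 3.5 can arise), and the weighting in risk_score() is an assumption: the post does not say how the three signals are combined.

```python
"""Rank end-of-life (EOL) dependencies for triage using three signals:
the package's worst CVSS score, how many major versions behind the versions
in use are, and how many internal applications depend on it.

Added example, not Tidelift's code. Inventory, EOL data and CVSS values
below are constructed; the risk_score() weighting is an assumption.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed inventory: (application, package, version in use). In practice
# this comes from SBOMs or lockfile scans across the organization, including
# transitive dependencies.
INVENTORY = [
    ("billing",  "libfoo", "2.1.0"),
    ("checkout", "libfoo", "1.4.2"),
    ("reports",  "libbar", "3.0.1"),
    ("billing",  "libbar", "4.2.0"),
    ("api",      "libbaz", "5.0.0"),
]
# Constructed package metadata (assumed feed shape, not a real data source).
LATEST = {"libfoo": "5.0.0", "libbar": "5.1.0", "libbaz": "5.2.0"}
EOL_MAJORS = {"libfoo": {1, 2, 3}, "libbar": {3}, "libbaz": set()}
MAX_CVSS = {"libfoo": 9.8, "libbar": 4.3, "libbaz": 0.0}


@dataclass
class Triage:
    package: str
    app_count: int            # applications pinned to an EOL major
    avg_majors_behind: float  # mean distance from the latest major across those apps
    max_cvss: float
    score: float


def major(version: str) -> int:
    """Parse the major component of a semver-style string ('v1.2.3' -> 1)."""
    m = re.match(r"^v?(\d+)", version.strip())
    if not m:
        raise ValueError(f"cannot parse a major version from {version!r}")
    return int(m.group(1))


def majors_behind(in_use: str, latest: str) -> int:
    """Whole major releases between the version in use and the latest one."""
    return max(0, major(latest) - major(in_use))


def is_eol(package: str, version: str) -> bool:
    return major(version) in EOL_MAJORS.get(package, set())


def risk_score(max_cvss: float, avg_majors_behind: float, app_count: int) -> float:
    # Assumed weighting: CVSS sets the severity, each major version behind
    # raises the expected upgrade pain, and blast radius scales with app count.
    return round(max_cvss * (1.0 + avg_majors_behind) * app_count, 2)


def triage(inventory=INVENTORY) -> list:
    """Return EOL packages ranked highest-risk first. Apps on a non-EOL
    major are ignored: those versions still receive security updates."""
    by_pkg = defaultdict(list)  # package -> [(app, majors behind)]
    for app, pkg, ver in inventory:
        if is_eol(pkg, ver):
            by_pkg[pkg].append((app, majors_behind(ver, LATEST[pkg])))
    ranked = []
    for pkg, hits in by_pkg.items():
        apps = {app for app, _ in hits}
        avg = sum(b for _, b in hits) / len(hits)
        ranked.append(Triage(pkg, len(apps), avg, MAX_CVSS[pkg],
                             risk_score(MAX_CVSS[pkg], avg, len(apps))))
    return sorted(ranked, key=lambda t: t.score, reverse=True)


if __name__ == "__main__":
    for t in triage():
        print(f"{t.package:8} apps={t.app_count} "
              f"majors_behind={t.avg_majors_behind:.1f} "
              f"cvss={t.max_cvss} score={t.score}")
```

Run as a script it lists libfoo first (two apps, 3.5 majors behind on average, CVSS 9.8) and libbar second (one app on an EOL major, CVSS 4.3); libbaz never appears because none of its versions in use is EOL. The one design point worth keeping from this toy is the filter in triage(): only applications actually pinned to an EOL major count toward a package's blast radius, so a package with one straggler app does not get ranked as if every consumer were exposed.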
Thrilled to see that Kim Jokisch is now sharing her deep knowledge about culture, strategy, and coaching / learning / growing leaders with the world. If you are looking for a professional coach to help you continue to thrive in your career, I highly recommend Kim, whom I've worked with and collaborated with in many different capacities over um... let's say... years. Check out her website 👇 .
Twenty-one years ago, I participated in a weeklong assessment certification in Atlanta. The course was full of trainers, counselors, and—the ones that stood out to me the most—coaches. I was intrigued. I interviewed many of them to better understand what they did, how they spent their days, what their businesses and backgrounds looked like. I travelled home resolute that when the time was right, I too would lead my own coaching practice. That past goal is now my present reality, and this year has been an enriching one already. Jokisch Coaching has been coaching clients, facilitating learning and strategy sessions, building strategic plans, and collaborating with joy and gratitude. And today, I am delighted to share the new Jokisch Coaching website: jokischcoaching.com. I'd love to reconnect and explore how I can help you or your organization. You can reach me at kim@jokischcoaching.com.
The missing link between Legal and Engineering | Interested in Open Source, InnerSource and OSPOs and how to make organizations more effective and fun, learning more about SW Architectures
Wasn't it USD 8.8 trillion without open source operating systems? Linux is almost everywhere and there are others too, so the real value of OSS is much higher than USD 8.8 trillion.