Tidelift raises $27 million to improve open source software supply chain security
Tidelift announced $27 million in Series C funding, led by Dorilton Ventures, with Kaiser Permanente and Atlassian Ventures joining existing investors General Catalyst and Foundry Group. As part of the transaction, Daniel Freeman of Dorilton Ventures has joined the Tidelift Board of Directors.
This new investment comes as open source software health and security have become a pressing priority for organizations and governments around the world. Recent threats to the software supply chain like the Log4Shell vulnerability have led organizations to reassess how they manage the health and security of the open source software comprising the bulk of their applications.
Additionally, the US Government is leading a coordinated, multi-agency effort to improve software security standards in order to fulfill the directives from the White House Cybersecurity Executive Order. This also adds pressure to organizations seeking to comply with these new standards in order to continue selling to the government, including creating software bills of materials (SBOMs) listing all of their application components, while simultaneously vouching for their security and provenance, including open source elements.
“Against a backdrop of increasing security threats and more stringent government software security standards, Tidelift is uniquely positioned to work with our open source maintainer partners to help maximize the value organizations get from open source while reducing risk,” said Donald Fischer, Tidelift co-founder and CEO. “Our recent survey further supports this with findings showing 35% of respondents from large organizations believe open source software supply chain security is the most urgent issue for application development teams.”
Rising demand from organizations increasingly reliant on open source
As organizations increase the use of open source in their applications, they face the growing challenge of keeping it well maintained and secure at scale. The Tidelift approach to managing open source is being embraced across industries, including healthcare, finance, technology, and government. New and expanding Tidelift customers include Fannie Mae, Bloomberg, Hughes, Adobe, NASA Jet Propulsion Laboratory, IEEE, the United States Geological Survey, and the United States Air Force.
A central element of Tidelift’s model is that the company pays the independent open source maintainers behind thousands of open source components to ensure their projects meet enterprise standards now and into the future. The more subscribers that use an open source component, the more its maintainers get paid, with no cap on potential earnings.
“Tidelift’s unique approach marries the needs of enterprise application development teams and open source maintainers in a win-win way where everyone benefits,” said Daniel Freeman, General Partner at Dorilton Ventures. “We’re looking forward to being a part of realizing the Tidelift vision of making open source work better for everyone.”
“Atlassian is always looking for ways to improve the experiences of our 200,000+ Cloud customers, especially those using Compass, our new mission control for distributed architecture,” said Matt Sonefeldt, Head of Atlassian Ventures. “With help from Tidelift and their maintainer partners, our Cloud customers can continuously and proactively improve the health of the open source software supply chain, not just when they are ready to ship.”