Tidelift raises $27 million to secure open source supply chain



Today, open source supply chain security provider Tidelift announced it has raised $27 million in a Series C funding round led by Dorilton Ventures. With the funding, the organization aims to reduce health and security vulnerabilities in open source software.

Tidelift’s open source management solution, the Tidelift Subscription, provides enterprises with a tool to create, track, and manage catalogs of approved open source components so they can avoid using insecure components in their environments.

The organization also works with the maintainers of thousands of open source projects to evaluate component security and to get guidance on vulnerabilities.

It is an approach designed to let application development teams quickly identify secure open source components while preventing the deployment of vulnerable components that attackers could exploit.

Addressing open source vulnerabilities

The announcement comes amid an industry-wide crackdown on open source threats: the White House Open Source Security Summit II took place earlier this month, where companies such as Amazon, Meta, Google, Microsoft, Ericsson, Red Hat and Oracle pledged [figure missing from this copy of the article] million a year to help improve open source security.

Tidelift is one of the providers in the community that plays a direct role in securing the open source supply chain. It works with, and pays, the maintainers of open source projects to improve the health and security of their software, while giving development teams a vetted path for adding new components to their workflow.

“We help developers act quickly by streamlining the development process and removing obstacles that slow down application development. Development teams can improve decision making with contextually relevant, maintainer-sourced data that is made readily available throughout the software development lifecycle,” said Tidelift co-founder and CEO Donald Fischer.

“They can also create a catalog of pre-vetted, approved, open source components that reduces duplication and speeds development,” said Fischer.

The providers engaged in open source supply chain security

Tidelift’s investment also coincides with the broader growth of the global security and vulnerability management market, which researchers predict will grow from $13.8 billion in 2021 to $18.7 billion in 2026 as more organizations look to secure their environments and software supply chains against threat actors.

The organization competes with a range of providers, including FOSSA, which raised $23.2 million in a Series B funding round in 2020 and offers an open source management platform with zero-configuration scanning for application vulnerabilities, end-to-end third-party code management, and license compliance.

Another major competitor is Snyk, a solution that can automatically identify and remediate vulnerabilities in code, dependencies, or containers using security intelligence.

Snyk recently raised $530 million at an $8.5 billion valuation in September last year, making it one of the largest providers focused on securing the software supply chain.

One of Tidelift’s key differentiators in the market, however, is the organization’s collaboration with the maintainers of open source projects.

“We work with them to ensure projects are operational and meet clearly defined security, licensing and maintenance standards. And we pay them for the added value they create by maintaining their projects according to company standards,” said Fischer.
