Tidelift’s maintainer-validated data to make more informed decisions about open source packages and minimize open source-related risk. These new capabilities are the culmination of years of work by Tidelift to identify the secure software development practices with the largest impact on improving open source security, and then pay maintainer partners to ensure these practices remain in place for their projects into the future.

Source: Help Net Security