reports that Tidelift has obtained a $27 million investment from a Series C funding round, which will be allocated toward strengthening the security of the open source supply chain.
Tidelift, which is based in Massachusetts, has been working to address enterprise application development teams' and open source maintainers' in an effort to bolster open source code security. "A central element of Tidelifts model is that the company pays the independent open source maintainers behind thousands of open source components to ensure their projects meet enterprise standards now and into the future. The more subscribers that use an open source component, the more its maintainers get paid, with no cap on potential earnings," said Tidelift. The investment comes after succeeding supply chain attacks against SolarWinds, Log4j
, Kaseya, ua-parser-js, and Codecov. The U.S. has also hosted a White House summit tackling open source software security in January after President Joe Biden had called for increase attention on supply chain attacks.