
The challenges and issues within open source are well-documented. Indeed, some, such as Nadia Eghbal, have suggested it’s a timebomb waiting to explode. However, Tidelift is building what it believes is a better model for open source software.

An announcement made at the end of April signalled a new chapter in Tidelift’s young life – having secured $25 million Series B funding back in January, it has now extended its coverage of open source projects, with full ‘support’ for more than 1,000 of them, and new tools for subscribers.

How does Tidelift support open source projects?

At this point, you’re probably wondering how Tidelift actually works: what does ‘support’ actually mean in the context of open source?

Essentially, Tidelift is a bit like Uber or Airbnb for open source projects. The company sits between the organizations that use open source software and the developers who maintain it. Tidelift subscribers get open source software that is managed and maintained by the maintainers who, in turn, receive compensation from Tidelift.

Co-founder Donald Fischer, who was previously an executive at Red Hat, explains the idea in a little more detail. “We were observing some of the business model developments in other contexts, specifically around this sort of managed market model, or gig economy model… and we started thinking hey that would apply pretty well to what’s already happening with open source,” he tells me over Skype.

The problem, Fischer points out, is that “when you just download some raw open source project, you don’t get a lot of the things that big companies expect from their software providers, like somebody being on the hook to keep it patched and secure, and double checking the licensing and so on…”

Essentially, Tidelift bridges the gap between organizations that use open source software (which is, after all, basically all of them) and the people that maintain and update it voluntarily.

How does Tidelift actually work?

On a practical level, one way of thinking about it is that Tidelift provides an SLA and insurance for engineering teams that use open source software, rather than leaving them to simply download and use the “raw technology” in the way most of the engineering world has over the last decade.

So, when an engineering team purchases a Tidelift subscription, the open source software they use – provided it is working in partnership with Tidelift – is ‘covered’ in terms of standards, security, and licensing.

It also provides technical support, with the open source maintainers testing packages before they end up in a team’s software.

“We connect to your software development process through our software as a service tool,” Fischer explains. “It sort of connects in a similar way to how a continuous integration testing tool connects to a GitHub or BitBucket… and every time your application code changes we look at what has changed as far as the open source packages [have changed]… and basically make sure all of that stuff meets whatever policy you’ve established with Tidelift.”

How does Tidelift differ from enterprise open source companies like Red Hat?

Tidelift may look a little bit like a company like Red Hat. Indeed, Fischer’s background at the company means some of the DNA of Red Hat has found its way into Tidelift. But despite both organizations making open source software more ‘usable’ for the enterprise, they are, in fact, very different indeed.

The key issue for a company like Red Hat is dealing with the scale of open source tools available.

“Red Hat hires full time employees and assigns them to shadow upstream open source products that are… typically being created by other third parties,” Fischer explains. “There’s a scale challenge there… you have to have expertise in each one of the packages that you’re covering… The way we make it scale to this much broader universe of packages is that we go directly to the people that typically wrote the package in the first place.”

Fischer continues: “We invite them to do the work that a Red Hat employee would do in the Linux context – and we give them the opportunity to get paid for that, which is typically pretty novel for them.”

The key challenges with open source that Tidelift is trying to solve

Payment is just one of the issues facing the open source world. As Eghbal wrote in a report she produced all the way back in 2016:

Nearly all software today relies on free, public code… written and maintained by communities of developers and other talent. Much like roads or bridges, which anyone can walk or drive on, open source code can be used by anyone—from companies to individuals—to build software. This type of code makes up the digital infrastructure of our society today.

Just like physical infrastructure, digital infrastructure needs regular upkeep and maintenance. In the United States, over half of government spending on transportation and water infrastructure goes just to maintenance. But financial support for digital infrastructure is much harder to come by. 

Tidelift’s model, then, ensures that those people who help to maintain the open source software that forms the foundations of our digital lives are compensated for their work. And it’s important to note that this isn’t just about charity – the economy’s reliance on what is essentially an army of unpaid labor is ultimately unsustainable and makes the broader software ecosystem remarkably fragile.

Solving challenges for the organizations that use open source software

But it isn’t just about open source maintainers. Open source software also poses many challenges for the organizations that actually use it, particularly in terms of reliability and security. At a time when cybersecurity feels like a cat and mouse game between criminals and security experts, and when building resilient distributed systems without downtime is business critical, this becomes incredibly important.

Tidelift removes these challenges by incentivising maintainers to work alongside users and ensure that standards are maintained without harming the velocity of innovation that makes open source so attractive. This leads to a surprising level of equilibrium between business and open source maintainers.

Going beyond a compromise

The tech world has been looking for a compromise when it comes to the challenges of open source. The mission has always been to find a way that pleases business while also ensuring those that maintain it are happy and continue to do it.

But if compromise is, as the saying goes, a situation in which all parties are left dissatisfied, Tidelift appears to be going one better by making everyone happy.

Tidelift might not be the only solution to some of the problems that open source is facing – we might, for example, see new licensing models begin emerging over time (despite MongoDB’s failed attempts to get the SSPL past the OSI) – but it nevertheless looks like a unique and forward-thinking solution to an incredibly important issue.

You can learn more about Tidelift by visiting the company’s site here.

Co-editor of the Packt Hub. Interested in politics, tech culture, and how software and business are changing each other.