Bar chart titled: Paid Maintainers More Likely to Follow Security Standards

Data from "The 2023 Tidelift State of the Open Source Maintainer Report," Tidelift.

Respondents were asked: Which of the following practices have been implemented for most or all of the open source projects you maintain? If you haven't implemented them, which would you consider using in the future?

Two-factor authentication for source code hosting and package managers: 69% paid maintainers, 51% unpaid maintainers

Provide fixes and recommendations for vulnerabilities: 69% paid, 43% unpaid

A disclosure plan for how to contact the maintainer about security issues: 69% paid, 42% unpaid

Formal processes or standards to verify all new project contributors: 26% paid, 20% unpaid