IBM, Red Hat Launch Project Lightwell for Open Source Security

IBM and Red Hat have launched Project Lightwell, a five-billion-dollar initiative to enhance open-source software security. This project aims to create a trusted enterprise clearinghouse, using advanced AI and over 20,000 engineers. The clearinghouse will help businesses identify, validate, and fix vulnerabilities in open-source software used in production. It will support vulnerability reporting, validated patch deployment, and coordinated disclosure. This allows enterprises to address critical issues and contribute fixes back to open-source communities. More than 90% of Fortune 500 companies rely on open-source software. Recent AI research shows frontier models can identify thousands of high- and critical-severity vulnerabilities in open-source code. This project responds to the increasing pressure on enterprises to secure their software components. This effort signals a significant shift in software supply chain security, creating new demands for managed services in vulnerability prioritization and patch coordination.