IBM and Red Hat are officially launching Lightwell, the open source security platform the two companies first teased earlier this year. If it delivers on its promises, it could make life much easier for enterprise IT teams that are tired of choosing between patching security holes and risking broken applications.
The launch follows IBM and Red Hat’s previously announced $5 billion commitment to improving open source security. The companies say more than 20,000 engineers are backing the effort, alongside an AI-powered remediation engine designed to find, validate, and fix vulnerable open source components at scale.
Lightwell launches with two products, folks.
The first is Lightwell Network, which is available now. It gives organizations access to more than 6,500 digitally signed and certified application dependencies covering popular ecosystems such as Java, Python, and JavaScript. Rather than forcing companies to upgrade to newer software releases, Lightwell can backport security fixes to the versions already running in production. That should mean fewer compatibility headaches and far less time spent testing updates before deployment.
SEE ALSO: IBM shrinks the mainframe with compact z17 and LinuxONE 5 systems for modern data centers
The second offering is Lightwell Clearinghouse Premier, which is entering limited availability. Initially focused on financial services, it provides a secure environment where organizations can coordinate vulnerability disclosures, manage patch embargoes, and collaborate on threats before details become public. IBM and Red Hat say healthcare, government, and telecommunications are expected to follow in future phases.
The companies are betting that traditional patch management simply cannot keep pace anymore. Open source now makes up the vast majority of enterprise software, while AI is helping both defenders and attackers move much faster. Instead of waiting for organizations to upgrade entire applications, Lightwell aims to deliver validated fixes directly into existing workflows while continuing to contribute those fixes back to upstream open source projects.
IBM and Red Hat are also bringing plenty of partners along for the ride. AWS, AMD, F5, GitLab, Intel, JFrog, Microsoft, Palo Alto Networks, ServiceNow, Accenture, Deloitte, EY, HCLTech, Infosys, Tata Consultancy Services, and several others are working with the companies to integrate Lightwell into enterprise development and deployment pipelines.
I’ll admit I’m intrigued by this one. One of the biggest reasons organizations postpone security updates is the fear that a major software upgrade will break something important. If Lightwell can really patch older production software without forcing disruptive upgrades, it has the potential to solve a problem that has frustrated IT departments for years.
Support independent tech journalism
NERDS.xyz is independently owned and operated. If you enjoy my coverage of Linux, AI, hardware, cybersecurity, and tech culture, consider supporting the site on Ko-fi.
Support NERDS.xyz