>>
Platform>>
Red hat>>
IBM & Red Hat Launch Lightwell...IBM and Red Hat have commercially launched Lightwell, a service delivering automated vulnerability remediation for open source software, with an initial catalog of 6,500+ remediated dependencies across Java and Python ecosystems. The launch builds on a $5 billion commitment to open source security backed by 20,000 engineers.
IBM and Red Hat have moved Project Lightwell from vision to product. The joint venture, announced in May with a $5 billion commitment to secure open source software, has now launched two commercial offerings: Lightwell Network and Lightwell Clearinghouse Premier.
Lightwell Network is generally available now, giving enterprises access to a catalog of more than 6,500 remediated, digitally signed, and certified application-layer dependencies across Java and Python ecosystems . Lightwell Clearinghouse Premier has entered a limited-availability phase, initially targeting financial services organisations that need a controlled channel for patch embargoes and threat coordination.
The service is designed to solve a fundamental problem for large organisations running older or heavily customised software versions in production. Rather than forcing teams to upgrade to the latest upstream release to get a fix, Lightwell backports security patches to the versions companies are already using.
"Lightwell represents a fundamental structural shift in how we secure all enterprise software. By pairing automated remediation with our deep engineering heritage, we aim to deliver the trusted infrastructure required to consume open source reliably, sustainably, and at AI speeds," said Matt Hicks, President and CEO of Red Hat.
The platform is built around a generative AI-powered remediation engine that combines frontier AI models with human engineering expertise to identify, validate, and remediate vulnerabilities in dependencies buried deep inside modern software stacks. The companies expect Lightwell's catalog of remediated packages to scale rapidly from thousands to millions.
The launch is backed by a broad partner ecosystem. Technology partners include AWS, AMD, F5, GitLab, Intel, JFrog, Microsoft, NVIDIA, Palo Alto Networks and ServiceNow, while deployment services are being offered through IBM Consulting, Red Hat Consulting, Accenture, Atos, Cognizant, Deloitte, EY Cyber, HCLTech, Infosys, Kyndryl, NTT DATA, TCS and Tech Mahindra.
"IBM and Red Hat are giving enterprises certified fixes they can pull straight into the systems they already run, with no retooling or disruption, backed by a growing network of technology and delivery partners," said Rob Thomas, Senior Vice President of Software & Chief Commercial Officer at IBM .
Lightwell operates under Red Hat's upstream-always model, where security fixes are actively submitted back to the originating open source community for review and acceptance, ensuring commercial protections and community health reinforce each other.
The launch comes as open source comprises up to 90% of enterprise codebases and drives 9.8 trillion downloads annually, with an average of 581 vulnerabilities per codebase. AI-generated exploits have broken traditional patch management, creating demand for automated remediation services.
Here is the question this launch raises. IBM and Red Hat are committing $5 billion and 20,000 engineers to fix vulnerabilities in the open source code that underpins 90% of enterprise applications. But when the companies building the security clearinghouse are also the ones whose products are affected by those vulnerabilities, is this a service or an insurance policy?
As Lightwell goes commercial and expands its partner ecosystem, The Silicon Review asks a final question. When the enterprise depends on open source code maintained by volunteers and discovered by AI, is the only sustainable answer a commercial security clearinghouse backed by Big Tech?
FAQ:
Q: What is Lightwell Network?
A: Lightwell Network is a generally available service providing enterprises with access to a catalog of 6,500+ remediated, digitally signed and certified open source dependencies across Java and Python ecosystems .
Q: What is Lightwell Clearinghouse Premier?
A: Lightwell Clearinghouse Premier is a limited-availability offering serving as a trusted intermediary for secured patch embargoes and vertical threat coordination. It is initially available to financial services organisations.
Q: How much are IBM and Red Hat investing in Lightwell?
A: IBM and Red Hat announced a $5 billion commitment to open source security, backed by more than 20,000 engineers to oversee and scale Lightwell's capabilities.
Q: Does Lightwell replace the need to upgrade software?
A: No, but it solves a related problem. Rather than forcing teams to upgrade to the latest version to get a security fix, Lightwell backports patches to the versions companies are already running in production.
Q: What partner ecosystem supports Lightwell?
A: Technology partners include AWS, AMD, F5, GitLab, Intel, JFrog, Microsoft, NVIDIA, Palo Alto Networks and ServiceNow. Deployment services are offered through IBM Consulting, Red Hat Consulting, Accenture, Atos, Cognizant, Deloitte, EY, HCLTech, Infosys, Kyndryl, NTT DATA, TCS and Tech Mahindra.
Comments