IBM, Red Hat launch $5B Project Lightwell to boost open-source security
IBM, Red Hat launch $5B Project Lightwell to boost open-source security
Publish Date: 2026-05-28 16:27:00
Source Domain: siliconangle.com
IBM Corp. and its Red Hat subsidiary today launched an initiative called Project Lightwell to improve the security of open-source projects.
Project Lightwell is backed by a $5 billion commitment. In addition, IBM and Red Hat will assign more than 20,000 engineers to the initiative.
Red Hat, which became part of IBM through a 2019 acquisition, sells a popular Linux distribution called RHEL. Its code is publicly available, but organizations must buy a license to use it in software projects. Red Hat also develops other open-source tools that automate tasks such as configuring cloud infrastructure.
The Linux distributor has long operated a program through which its engineers find and fix vulnerabilities in its software. Project Lightwell will extend IBM’s work in that area beyond the Red Hat product portfolio to the broader open-source ecosystem. According to the company, the goal is to help enterprises remediate vulnerabilities in the open-source tools that power their software. IBM will provide access to Project Lightwell through subscriptions.
When developers integrate an open-source project into an application, they often don’t use the latest version of the component. Even when they do use the latest version, there is a risk that the component will become outdated in the future because of a lack of updates. That can create challenges if a vulnerability is discovered in the project.
In many cases, cybersecurity patches aren’t immediately available for legacy versions of an open-source tool. Moreover, there are situations where installing a patch requires updating the affected tool to the latest release. That can necessitate significant code changes to the application in which the component is installed.
The IBM and Red Hat engineers assigned to Project Lightwell will use artificial intelligence to find vulnerabilities in open-source projects. From there, they will develop patches and backport them to the specific open-source project versions used…
