SecurityWeek

IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell”

Project Lightwell is designed to fix vulnerabilities without breaking what is already in production.

IBM and its subsidiary Red Hat announced Project Lightwell on Thursday, a joint initiative backed by a $5 billion investment and a workforce of more than 20,000 engineers. The project is designed to address the growing operational risks facing corporate digital infrastructure by systematically securing open source software across enterprise supply chains.

At the core of the initiative is the establishment of an “enterprise clearinghouse” that leverages artificial intelligence to scale software security. The system will use AI to identify, triage, prioritize, and validate vulnerabilities and fixes across open source code bases. Engineers involved in the project will focus their efforts on active upstream maintenance alongside open source community leaders, high-volume AI-assisted vulnerability reviews, and the development of secure patches and release engineering.

The resulting validated patches, capabilities, and lifecycle management features will be delivered to enterprises through commercial software subscriptions. The initiative builds on IBM and Red Hat’s existing commercial open source ecosystem, which currently handles lifecycle management and validation for major enterprise platforms such as Linux, Java, Kubernetes, Kafka, Ansible, Terraform, Flink, and Cassandra.

The scale of the undertaking reflects the deeply embedded nature of open source software in modern corporations; IBM itself says it currently utilizes more than 62,000 open source packages across its enterprise footprint.

“Open source is the backbone of today’s digital economy and the foundation of modern AI, and we are at an inflection point in how it is built, secured, and scaled,” said Arvind Krishna, Chairman and CEO, IBM. “With Project Lightwell, IBM and Red Hat are helping define a new industry model, one that brings together AI, engineering expertise, and trusted collaboration, to secure open source software at its source and across the entire supply chain. This is about strengthening trust in the systems that power business, government, and society.”

Initial participants in Project Lightwell include Bank of America, BNY, Citi, Goldman Sachs, JPMorganChase, Mastercard, Morgan Stanley, Royal Bank of Canada, State Street, Visa, and Wells Fargo.

IBM acquired Red Hat for $34 billion in a deal that was announced in late 2018.
