May 28 (Reuters) – IBM said on Thursday it has committed $5 billion to an initiative that will deploy engineers and AI tools to help companies better secure open source software.
The initiative, called Project Lightwell, seeks to create a “clearinghouse” for open source security, establishing a model for managing risks across the software supply chain.
Open source software is freely available code that anyone can use and modify, and powers the technology systems of most companies. Its widespread use, however, has made it a prime target for hackers at a time when AI is making it easier for bad actors to find and exploit security flaws.
IBM and its hybrid cloud unit Red Hat have piloted the initiative with a few companies, including Bank of America, JPMorgan Chase and Visa, to refine how the system identifies and fixes vulnerabilities across complex enterprise software.
The service will launch “as a commercial offering in the next 30 days,” IBM’s senior vice president of software, Rob Thomas, told Reuters.
Thomas said the service, offered via subscriptions likely priced by the number of packages used, provides clients with a “stamp of approval from the clearinghouse that their open source is safe to use in production.”
Project Lightwell will be a central hub where companies can confidentially report security flaws, receive tested fixes and share those fixes with the broader open source community.
Designed to secure software across its full life cycle — from development through to production environments — it will allow businesses to plug vetted security patches directly into their existing systems.
Project Lightwell expands Red Hat’s traditional approach of securing software within its own platforms to cover a broader ecosystem of independent open source components, including libraries and AI frameworks.
(Reporting by Anhata Rooprai in Bengaluru; Editing by Vijay Kishore)
