IBM and Red Hat Launch Lightwell to Secure Open Source Software Supply Chain
2026-07-13 13:44
Favorite

en.Wedoany.com Reported - IBM and Red Hat announced the commercial release of Lightwell, offering large-scale automated vulnerability remediation through two products: Lightwell Network and Lightwell Clearinghouse Premier. Lightwell Network is now generally available, providing enterprises with a bootstrapping catalog covering over 6,500 remediated, digitally signed, and certified application-layer dependencies across major ecosystems such as Java and Python. Lightwell Clearinghouse Premier has entered limited availability, serving as a trusted intermediary for security patch embargoes and vertical threat coordination.

IBM and Red Hat Launch Lightwell to Secure Open Source Software Supply Chain in the AI Era

This launch builds on the $5 billion open source security commitment announced by IBM and Red Hat in May 2026, supported by a global team of over 20,000 engineers to oversee and expand Lightwell's AI-driven remediation capabilities. Lightwell's rollout is based on a model built on decades of trust, with Red Hat having protected critical systems for thousands of customers, millions of core product downloads, and a vast number of patches, bug fixes, and community contributions. Lightwell extends this proven enterprise protection to organizations' open source software portfolios.

To provide a trust infrastructure, Lightwell leverages the high-throughput capacity of a generative AI-based remediation engine that is already operational and applied at scale to identify, verify, and fix vulnerabilities in deeply embedded critical dependencies within modern software architectures. By protecting specific software packages running in an organization's active production environments while establishing a stable platform for future applications, Lightwell aims to eliminate friction between rapid innovation and enterprise compliance. To break the dependency remediation deadlock, Lightwell uses automation to backport critical fixes directly to specific, long-running software production versions. As its AI-driven remediation engine runs, Red Hat and IBM expect Lightwell's catalog of remediated software packages to expand from thousands to millions.

Red Hat and IBM deliver these capabilities through two products. Lightwell Network is now generally available, providing instant access to an active content library of high-value remediation content spanning from the latest to legacy libraries. Members receive a continuous stream of digitally signed binaries, source code, and complete Software Bill of Materials (SBOM). Lightwell Clearinghouse Premier has entered limited commercial access, designed to serve as a trusted intermediary for deep industry collaboration, advanced vertical threat coordination, and security patch embargoes. Participating organizations can submit vulnerabilities and request version-specific fixes within embargo windows. The platform is initially limited to the financial services industry but plans to expand to other critical infrastructure verticals such as government, healthcare, and telecommunications in future phases.

Lightwell operates under Red Hat's proven upstream-first model, where security fixes are proactively submitted back to the original open source communities for review and acceptance. Given that open source accounts for up to 90% of enterprise codebases and drove 9.8 trillion downloads in 2025 alone, the sheer volume—along with AI-generated exploits costing as little as $50—has broken traditional patch management, resulting in an average of 581 vulnerabilities per codebase. Lightwell aims to deliver verified fixes directly into active workflows by assessing application context and dependency interactions.

Lightwell is supported by an extended network of technology and deployment partners. Technology providers include Amazon Web Services (AWS), AMD, F5, GitLab, Intel, JFrog, Microsoft, NVIDIA, Palo Alto Networks, and ServiceNow, among others. For deployment and strategic services, customers can leverage world-class system integration and strategic deployment services through partnerships with IBM Consulting, Red Hat Consulting, Accenture, Atos, Cognizant, Deloitte, EY Cybersecurity and Risk Advisory teams, HCLTech, Infosys, Kyndryl, LTM, NTT DATA, Tata Consultancy Services (TCS), and Tech Mahindra, helping enterprise customers map SBOMs, manage version mappings, access the Lightwell registry, and evaluate pipelines.

This bulletin is compiled and reposted from information of global Internet and strategic partners, aiming to provide communication for readers. If there is any infringement or other issues, please inform us in time. We will make modifications or deletions accordingly. Unauthorized reproduction of this article is strictly prohibited. Email: news@wedoany.com
Related Products