IT Brief India - Technology news for CIOs & IT decision-makers
India
IBM & Red Hat launch Lightwell for open source fixes

IBM & Red Hat launch Lightwell for open source fixes

Thu, 9th Jul 2026 (Today)
Mark Tarre
MARK TARRE News Chief

IBM and Red Hat have launched Lightwell, a commercial service for automated remediation of open source software vulnerabilities, with two offerings: Lightwell Network and Lightwell Clearinghouse Premier.

Lightwell Network is generally available and provides enterprises with a catalogue of more than 6,500 remediated, digitally signed and certified application-layer dependencies across software ecosystems including Java and Python. Lightwell Clearinghouse Premier has entered limited availability and is initially aimed at financial services organisations that need a controlled channel for patch embargoes and threat coordination.

The launch expands the companies' joint security effort around open source software, which has grown in importance as businesses rely on external code for much of their applications. It also includes support from more than 22 technology and services partners, including AWS, AMD, Accenture, Deloitte, Infosys, Intel, Microsoft and NVIDIA.

The service is intended to address a longstanding problem for large organisations running older or heavily customised software versions in production. Rather than forcing teams to move to the latest upstream release to get a fix, Lightwell is designed to backport security patches to the versions companies already use.

That approach matters most in sectors where upgrades can trigger long testing cycles, compliance checks and operational risk. Financial services is the first target for Clearinghouse Premier, which is positioned as an intermediary for organisations that need to share vulnerability information under embargo before patches are released more broadly.

Lightwell is built around an automated remediation engine that combines AI models with human engineering review. IBM and Red Hat said the system identifies, validates and remediates vulnerabilities in dependencies buried deep inside modern software stacks.

The launch builds on an earlier IBM and Red Hat commitment of USD $5 billion to open source security. More than 20,000 engineers will support oversight and expansion of the Lightwell programme, the companies added.

Industry backing

The platform is being positioned as both a remediation service and a trust framework for software supply chains. Lightwell Network provides binaries, source code and compliance materials, including software bills of materials, that can feed into existing development and deployment pipelines.

Clearinghouse Premier adds a coordination layer for participating organisations. Users can submit vulnerabilities and request remediation for specific software versions during an embargo period, a model intended to help institutions manage sensitive flaws before public disclosure.

Scott DePasquale, President and CEO, ARC, framed the issue as one of collective defence in sectors with shared technology exposure.

"No single institution can keep pace with the growing scale and complexity of open source vulnerabilities alone," said DePasquale. "The financial sector has long demonstrated the value of collaboration in addressing shared security challenges, and initiatives that enable coordinated remediation have the potential to strengthen resilience across the industry."

Open source components now account for the vast majority of code used in many enterprise applications, and security teams often struggle to track vulnerable packages across sprawling environments. IBM and Red Hat cited industry estimates that open source can make up as much as 90% of enterprise codebases.

Partner network

The Lightwell partner roster spans both software vendors and consulting groups. Technology companies including F5, GitLab, JFrog, Palo Alto Networks and ServiceNow are working with IBM and Red Hat, while deployment support is being offered through IBM Consulting, Red Hat Consulting, Accenture, Atos, Cognizant, Deloitte, EY Cyber and Risk Consulting teams, HCLTech, Infosys, Kyndryl, LTM, NTT DATA, Tata Consultancy Services and Tech Mahindra.

For IBM and Red Hat, that ecosystem is central to the commercial case for the service, because vulnerability fixes often need to flow through a mix of developer tools, cloud environments, network controls and governance systems. The aim is to let customers bring updates into current workflows without changing the software versions they operate.

"Lightwell represents a fundamental structural shift in how we secure all enterprise software," said Matt Hicks, President and CEO, Red Hat. "By pairing automated remediation with our deep engineering heritage, we aim to deliver the trusted infrastructure required to consume open source reliably, sustainably, and at AI speeds."

Rob Thomas, Senior Vice President, Software & Chief Commercial Officer, IBM, said the service is aimed at reducing the operational burden on customers that cannot maintain remediation work at the same scale internally.

"IBM and Red Hat are giving enterprises certified fixes they can pull straight into the systems they already run, with no retooling or disruption, backed by a growing network of technology and delivery partners," said Thomas. "Making that possible takes scale most organisations don't have, a world-class team of engineers and AI systems working around the clock to protect the open source software the world's enterprises run on."

Jerry Silva, Program Vice President, IDC Financial Insights, said heavily regulated sectors are likely to be among the earliest users because of the compliance costs tied to software changes.

"Heavily regulated industries such as financial services have the highest cost of compliance, meaning that they take security extremely seriously, especially in their use of open source software," said Silva. "The partnership bringing Red Hat and IBM together under the Lightwell banner to identify, triage, and remediate vulnerabilities will bolster the security and resiliency posture of these organisations globally, ensuring the trust that is the hallmark of the services they provide."