IBM, Red Hat, and Deloitte Launch Lightwell to Secure Software Supply Chain

IBM, Red Hat and Deloitte announced the Lightwell collaboration to bolster software supply chain security and improve open source software protection. The initiative is designed to assist enterprises in tackling the growing cyber threats with automated vulnerability remediation and enhanced security practices.

The partnership brings together Deloitte’s secured software supply chain architecture and cyber risk services with the enterprise open source security model developed by IBM and Red Hat. This, in turn, helps organizations improve their ability to identify, validate and resolve software vulnerabilities.

Companies today employ a mix of first-party applications, open source software, and third-party commercial solutions. Hence, one security vulnerability in any component can result in significant risks across the entire enterprise environment.

Moreover, the rapid development of frontier AI models has made cybersecurity more challenging. Attackers can now discover and exploit zero-day vulnerabilities at much faster rates. That's why organizations need security strategies that can adapt to the changing threat landscape.

Lightwell Improves Open Source Software Security

Lightwell addresses this by unbundling open source security remediation from traditional software upgrade processes. The program integrates enterprise security models with active engineering capabilities.

Lightwell is backed by IBM and Red Hat and works with upstream threat disclosures and independent maintainers. It also directly develops, tests and backports security patches for specific versions of software running in production.

This method enables organizations to obtain validated patches without having to perform disruptive system upgrades. This allows companies to operate critical applications while reducing security exposure.

IBM, Red Hat and Deloitte will assist clients with the software lifecycle through the collaboration. The organizations will concentrate on improving visibility, prioritizing risks, accelerating remediation and enhancing compliance processes.

The partnership will provide a variety of capabilities, including continuous software discovery, which will discover and inventory first-party, open source and third-party software components. This lets the organization understand its current code, where it runs, and the business functions associated with the applications.

Further, contextual prioritization will enable security teams to distinguish between immediate threats and lower-risk issues. This process evaluates severity, exposure levels, threat chains and exploitability factors.

Automated Remediation Fosters Trust in Software Supply Chains

Lightwell also offers machine-speed remediation capabilities. Deloitte’s orchestration services will enhance IBM and Red Hat’s automated patch validation. Combined, they will allow organizations to test and push validated fixes to production repositories.

Deloitte will keep a team of Forward Deployed Engineers (FDEs) to support ongoing remediation efforts. These engineers will help clients with application maintenance and vulnerability management.

“Exploits don’t wait for manual patching processes, and neither can enterprise response,” said Adnan Amjad, Deloitte’s US Cyber leader. “Together, we’re enabling clients to operate at machine speed to identify, validate, and remediate vulnerabilities. This collaboration is about building the operational resilience needed to maintain trust across increasingly complex software ecosystems — creating systems that can withstand and neutralize risk without disrupting the business.”

“Lightwell was created to address the growing challenge of securing open source software in an AI-driven threat landscape,” said Savio Rodrigues, Vice President, Service Partners at IBM. “It brings together the engineering, automation, and ecosystem partnerships needed to tackle this risk at scale. We’re excited to collaborate with Deloitte and leverage their capabilities in cyber risk management to extend this model to more organizations.”

“Open source drives innovation, but the volume of AI-generated threats requires engineering capacity that matches the speed of the attacker,” says Kevin Kennedy, Vice President, Global Partner Ecosystem at Red Hat. “Our work with Deloitte will bring the remediation capabilities we developed with IBM with Lightwell directly to enterprise application environments. Together we will isolate, patch, and deliver the fixes, supporting the open source ecosystem while protecting the specific versions our customers depend on.”

Building Future-Ready Software Supply Chain Security

As vulnerability discovery continues to accelerate, enterprises require stronger methods to reduce exposure and improve accountability. Therefore, the Lightwell collaboration aims to transform software supply chain security from a reactive process into an evidence-based security model.

The initiative will help organizations improve software resilience while maintaining trust across complex technology ecosystems. Additionally, it supports businesses managing cybersecurity, digital trust, and emerging technology risks.

The collaboration expands the existing relationship between Deloitte and IBM. It also strengthens the decade-long alliance between Deloitte and Red Hat, which focuses on open source technologies, IT automation, hybrid cloud management, and enterprise transformation.

Through Lightwell, IBM, Red Hat, and Deloitte aim to help organizations build stronger cybersecurity defenses. The collaboration will support enterprises in managing software vulnerabilities while maintaining operational continuity in an increasingly complex digital environment.

Source: Businesswire