IBM and Red Hat announced the launch of "Project Lightwell," aimed at enhancing the security of open source software (OSS) using artificial intelligence technology. The initiative will establish a platform called the "Trusted Enterprise Clearinghouse," with more than 20,000 engineers worldwide participating. Its goal is to identify and fix security vulnerabilities in open source software on a large scale.

As open source software is widely used in enterprises, security risks have also increased. IBM stated that the company currently uses over 62,000 open source software packages and has deep expertise in more than 10,000 of them. The detection of 23,019 vulnerabilities by Anthropic's Claude Mythos model highlights the urgency of current security issues.

The "Trusted Enterprise Clearinghouse" will serve as a "security coordination layer," using advanced AI capabilities to verify and test fixes. Participating companies can integrate security patches directly into their software supply chains through commercial subscriptions. This process allows companies to share sensitive security issues within a secure framework and then receive optimized patches adapted for production environments, ultimately enabling the upstream sharing of fixes to support long-term maintenance.

Rob Thomas, Senior Vice President of IBM Software, revealed that the initiative will officially launch commercially within the next 30 days, with subscription fees determined based on the number of software packages used by the enterprise. Currently, IBM and Red Hat have conducted preliminary pilot tests with several major companies, including Bank of America, Citigroup, Goldman Sachs, JPMorgan Chase, Mastercard, Morgan Stanley, Royal Bank of Canada, Visa, and Wells Fargo. The initial results will guide subsequent commercial services.

Arvind Krishna, Chairman and CEO of IBM, stated that open source software is the foundation of the digital economy and the core of modern AI. Project Lightwell will combine AI, engineering expertise, and trusted collaboration to ensure the security of open source software from the source, covering the entire supply chain.

Key Points:

- 🚀 IBM and Red Hat jointly launched "Project Lightwell" to enhance the security of open source software.

- 🛡️ More than 20,000 engineers will participate in establishing the "Trusted Enterprise Clearinghouse," focusing on identifying and fixing security vulnerabilities.

- 💼 Enterprises can obtain security patches through subscriptions, and several major financial institutions have participated in the pilot program.