The logo of IBM is displayed over a booth at the Web Summit digital trade show in Vancouver, British Columbia, Canada, May 12, 2026. REUTERS/Chris Helgren

IBM commits $5 billion to secure open-source software

May 28: IBM said on Thursday it has committed $5 billion to an initiative that will deploy engineers and AI tools to help companies better secure open source software.

The initiative, called Project Lightwell, seeks to create a "clearinghouse" for open source security, establishing a model for managing risks across the software supply chain.

Open source software is freely available code that anyone can use and modify, and powers the technology systems of most companies. Its widespread use, however, has made it a prime target for hackers at a time when AI is making it easier for bad actors to find and exploit security flaws.

IBM and its hybrid cloud unit Red Hat have piloted the initiative with a few companies, including Bank of America, JPMorgan Chase and Visa, to refine how the system identifies and fixes vulnerabilities across complex enterprise software.

The service will launch "as a commercial offering in the next 30 days," IBM's senior vice president of software, Rob Thomas, told Reuters.

Thomas said the service, offered via subscriptions likely priced by the number of packages used, provides clients with a "stamp of approval from the clearinghouse that their open source is safe to use in production."

Project Lightwell will be a central hub where companies can confidentially report security flaws, receive tested fixes and share those fixes with the broader open source community.

Designed to secure software across its full life cycle — from development through to production environments — it will allow businesses to plug vetted security patches directly into their existing systems.

Project Lightwell expands Red Hat's traditional approach of securing software within its own platforms to cover a broader ecosystem of independent open source components, including libraries and AI frameworks.

Source: Reuters
