IBM and its Red Hat subsidiary have launched Project Lightwell, a $5 billion initiative to bolster security across the open-source ecosystem. More than 20,000 IBM and Red Hat engineers will be assigned to the project.
Red Hat is best known for its enterprise Linux distribution, RHEL, but its code is widely integrated into enterprise software.
The initiative will use artificial intelligence to identify vulnerabilities in open-source code. Engineers will then develop patches and backport them to the specific versions of those components that businesses are using, so they don't have to upgrade to the latest release.
Project Lightwell will also create a trusted intermediary framework to disclose vulnerabilities to project maintainers and the broader software supply chain.
IBM CEO Arvind Krishna said the goal is to secure open-source software at its source and across the entire supply chain.
The program could intensify competition with startups like Chainguard and Socket, which provide hardened open-source packages and patching tools.