
IBM, Red Hat, and Deloitte Announce Lightwell Collaboration to Help Strengthen Open Source Software Supply Chain Trust


International Business Machines Corporation, June 26, 2026


NEW YORK, ARMONK, N.Y. and RALEIGH, N.C., June 26, 2026 - Deloitte, IBM (NYSE: IBM), and Red Hat today announced a collaboration to help protect the software supply chain against increasingly automated cyber threats. Deloitte joins the initiative as an integration collaborator for Lightwell, bringing its broader secured software supply chain architecture and cyber risk services to the large-scale enterprise open source security model deployed by IBM and Red Hat.

Most organizations rely on a mix of first-party code, open source software, and third-party commercial software. Because a single business application can include all three, an unpatched vulnerability can introduce immediate risk across the entire corporate estate. Frontier AI models have accelerated this risk and can enable adversaries to discover and exploit zero-day flaws in minutes.

Lightwell aims to help address this operational pressure by decoupling open source software security remediation from the traditional software upgrade cycle. The initiative combines an enterprise open source security model with an active engineering force. Supported by IBM and Red Hat, Lightwell coordinates upstream threat disclosures with independent maintainers while developing, testing, and backporting patches directly to the pinned software versions running in production environments. Lightwell delivers validated patches to those specific, in-use software versions, protecting critical systems without forcing disruptive upgrades.

Through this collaboration, the three organizations will coordinate across the software lifecycle to help clients manage security threats:

- Continuous Visibility & Discovery: Continuously mapping and scanning first-party, open source, and third-party software to identify exactly what code exists, where it runs, and which critical business functions it supports.
- Contextual Prioritization: Separating active threats from noise by analyzing severity, exposure, threat-chaining, and exploitability to inform operational decisions.
- Machine-Speed Remediation: Combining Red Hat and IBM's automated patch validation with Deloitte's orchestration services to rapidly coordinate, test, and deploy validated fixes into production repositories, limiting disruption.

To achieve this, Deloitte will maintain a bench of Forward Deployed Engineers (FDEs) to support ongoing remediation and maintenance of cli...
