AI

IBM, Red Hat, and Deloitte Announce Lightwell Collaboration to Help Strengthen Open Source Software Supply Chain Trust

NEW YORK, ARMONK, N.Y. & RALEIGH, N.C., June 26, 2026--Deloitte collaborates with IBM and Red Hat to secure the open source software supply chain.

articleInternational Business Machines CorporationJune 26, 20266 min read/news/ibm-red-hat-and-deloitte-announce-lightwell-collaboration-to-help-strengthen-open-source-software-supply-chain-trust-1
IBM, Red Hat, and Deloitte Announce Lightwell Collaboration to Help Strengthen Open Source Software Supply Chain Trust

About this update from International Business Machines Corporation

Deloitte collaborates with IBM and Red Hat to scale automated vulnerability patching across regulated software supply chains NEW YORK, ARMONK, N.Y. & RALEIGH, N.C., June 26, 2026--(BUSINESS WIRE)--Deloitte, IBM, and Red Hat today announced a collaboration to help protect the software supply chain against increasingly automated cyber threats. Deloitte joins the initiative as an integration collaborator for Lightwell, bringing its broader secured software supply chain architecture and cyber risk services to the large-scale enterprise open source security model deployed by IBM and Red Hat. Most organizations rely on a mix of first-party code, open source software, and third-party commercial software. Because a single business application can include all three, an unpatched vulnerability can introduce immediate risk across the entire corporate estate. Frontier AI models have accelerated this risk and can enable adversaries to discover and exploit zero-day flaws in minutes. Lightwell aims to help address this operational pressure by decoupling open source software security remediation from the traditional software upgrade cycle. The initiative combines an enterprise open source security model with an active engineering force. Supported by IBM and Red Hat, Lightwell coordinates upstream threat disclosures with independent maintainers while developing, testing, and backporting patches directly to the pinned software versions running in production environments. Lightwell delivers validated patches to those specific, in-use software versions, protecting critical systems without forcing disruptive upgrades. Through this collaboration, the three organizations will coordinate across the software lifecycle to help clients manage security threats:

View stock analysis, news, and events for International Business Machines Corporation

Red HatDeloitteLightwellopen source softwaresoftware supply chainsoftware versionssoftware lifecycle