
Technology giant IBM announced Thursday a massive $5 billion investment in a new program designed to help businesses protect open-source software from growing cyber threats.
The program, named Project Lightwell, aims to establish a central security clearinghouse for freely available software code, creating a framework for managing risks throughout the software supply chain.
Freely available software code that can be used and modified by anyone powers the technology infrastructure of most businesses today. However, its widespread adoption has created attractive targets for cybercriminals, especially as artificial intelligence makes it simpler for malicious actors to discover and take advantage of security weaknesses.
IBM and its hybrid cloud division Red Hat have tested the program with several major companies, including Bank of America, JPMorgan Chase and Visa, to improve how the system detects and resolves security gaps in complex business software environments.
The service will become available “as a commercial offering in the next 30 days,” IBM’s senior vice president of software, Rob Thomas, told Reuters.
According to Thomas, the subscription-based service, likely to be priced according to the number of software packages used, will provide customers with a “stamp of approval from the clearinghouse that their open source is safe to use in production.”
Project Lightwell will function as a central platform where businesses can privately report security vulnerabilities, obtain tested solutions and distribute those fixes to the wider open-source community.
Built to protect software throughout its entire lifecycle from development to production use, the system will enable companies to integrate verified security updates directly into their current technology infrastructure.
Project Lightwell extends Red Hat’s established method of securing software within its own systems to encompass a wider range of independent open-source elements, including code libraries and AI frameworks.








