Monday, June 29, 2026

IBM, Red Hat, and Deloitte Unveil ‘Project Lightwell’ to Bolster Trust in Open Source Software Supply Chains


IBM, Red Hat, and Deloitte have announced a strategic collaboration to reinforce software supply chain security through Lightwell, an initiative designed to help enterprises combat increasingly sophisticated cyber threats targeting open source software. As part of the collaboration, Deloitte will serve as an integration collaborator, extending its secure software supply chain architecture and cyber risk expertise to support the enterprise-scale open source security framework developed by IBM and Red Hat.

Modern organizations increasingly depend on a combination of proprietary applications, open source software, and third-party commercial solutions. Since many enterprise applications incorporate all three components, even a single unpatched vulnerability can expose critical business systems to significant cybersecurity risks. The rapid advancement of frontier AI technologies has further intensified this challenge, enabling threat actors to identify and exploit zero-day vulnerabilities in a matter of minutes.

Lightwell is designed to help companies overcome these problems by decoupling open source security patching from the usual software upgrade process. The effort is funded by IBM and Red Hat and combines an enterprise open source security framework with professional engineering capabilities. Lightwell will coordinate responsible upstream reporting and patching with independent maintainers while simultaneously creating, verifying, and applying security fixes to the specific production version of the software that the company actually runs.

The partnership aims to bring together their strengths through the software development life cycle so that businesses can develop greater cyber resilience using a few major strategies:

  • Continuous Visibility and Discovery: Continuous discovery and mapping of first-party, open source, and third-party software, so that there is complete visibility into the software, the environment it runs in, and the business functionality it delivers.
  • Contextual Risk Prioritization: Helping businesses separate the vulnerabilities that are critical from those that are not by assessing each one's severity, exploitability, exposure, and relationship to known threats.
  • Machine-Speed Remediation: Integrating IBM and Red Hat’s automated patch validation capabilities with Deloitte’s orchestration services to rapidly coordinate, test, and deploy validated security fixes into production environments. Deloitte will also maintain a dedicated team of Forward Deployed Engineers (FDEs) to provide continuous remediation support and application maintenance for enterprise clients.
  • Ecosystem Trust and Regulatory Compliance: Supporting enterprises in managing upstream open source communities and commercial software vendors through coordinated vulnerability disclosure processes while delivering continuous, evidence-based reporting for executive leadership, auditors, and regulatory bodies.

“Exploits don’t wait for manual patching processes, and neither can enterprise response,” said Adnan Amjad, Deloitte’s US Cyber leader. “Together, we’re enabling clients to operate at machine speed to identify, validate, and remediate vulnerabilities. This collaboration is about building the operational resilience needed to maintain trust across increasingly complex software ecosystems, creating systems that can withstand and neutralize risk without disrupting the business.”


“Lightwell was created to address the growing challenge of securing open source software in an AI-driven threat landscape,” said Savio Rodrigues, Vice President, Service Partners at IBM. “It brings together the engineering, automation, and ecosystem partnerships needed to tackle this risk at scale. We’re excited to collaborate with Deloitte and leverage their capabilities in cyber risk management to extend this model to more organizations.”

“Open source drives innovation, but the volume of AI-generated threats requires engineering capacity that matches the speed of the attacker,” says Kevin Kennedy, Vice President, Global Partner Ecosystem at Red Hat. “Our work with Deloitte will bring the remediation capabilities we developed with IBM with Lightwell directly to enterprise application environments. Together we will isolate, patch, and deliver the fixes, supporting the open source ecosystem while protecting the specific versions our customers depend on.”

In light of increasing cyber attacks and the rapid emergence of new software vulnerabilities, businesses are looking for proactive ways to minimize risk and strengthen governance within the software development lifecycle. Through this partnership, IBM, Red Hat, and Deloitte aim to make software supply chain security a coordinated, evidence-based operating model, one that lets organizations respond quickly and effectively while remaining resilient and trustworthy.

The collaboration also builds on the existing relationships among the three organizations. It extends the partnership between Deloitte and IBM, which have worked together to address cyber security, digital trust, operational resilience, and emerging technology risks for their customers, and it builds on the 10-year partnership between Deloitte and Red Hat.
