IBM and Red Hat have expanded their Project Lightwell open source security initiative to speed up patch management, bringing Palo Alto Networks into the fold.

The idea is to combine vulnerability intelligence, software remediation, and network-based protections to help organizations respond more quickly to newly discovered vulnerabilities.

Palo Alto Networks will deploy a virtual patch at the network layer to block exploit attempts, while Project Lightwell follows up with software remediation for open source software that customers can test and deploy in their environments.

“AI has compressed the window between vulnerability discovery and exploit from weeks to minutes. Traditional patching cannot keep pace,” said Nikesh Arora, CEO and chairman of Palo Alto Networks. “By collaborating with IBM and Red Hat, we are shifting the advantage back to defenders. This powerful combination allows us to neutralize threats in the network while providing uninterrupted business continuity for our global clients.”

How Project Lightwell works

According to the trio, the deal will provide enterprises with broader vulnerability coverage, with protection across open source software, commercial applications, operational technology (OT) environments, and connected devices.

Organizations can receive virtual patch protections before official software patches become available, helping reduce exposure while remediation is underway. When a new vulnerability is discovered, network-level protections can be deployed the same day, reducing the time from validated discovery to protection.

The companies also said that in future they plan to establish secure processes for sharing vulnerability information across participating software vendors, technology providers, and security teams. This aims to support coordinated vulnerability disclosure, accelerate protection development, and provide anonymized telemetry on real-world exploitation attempts.

“IBM established Project Lightwell to secure the open source software foundation that enterprises rely on every day. By collaborating with Palo Alto Networks, we are extending that security from the source code directly to the network front lines,” said Arvind Krishna, chairman and CEO of IBM. “This joint solution gives our clients exactly what they need to thrive in the AI era: immediate, automated resilience against emerging threats, combined with the rigorous validation required to safely update their core systems.”

Software security in the spotlight

IBM and Red Hat launched Project Lightwell last month with a $5 billion investment and a team of more than 20,000 engineers. Early adopters include Bank of America, BNY, Citi, Goldman Sachs, JP Morgan Chase, Mastercard, Morgan Stanley, Royal Bank of Canada, State Street, Visa, and Wells Fargo.

The idea was to use advanced AI capabilities, offered through commercial subscriptions, to validate and test fixes across a huge volume of open source code.

While more than nine-in-ten Fortune 500 companies rely on open source software, Black Duck research has indicated that 86% of codebases contain open source vulnerabilities. Notably, 81% of those were classified as high or critical risk, up from 74% in the previous year.



