
Open-source security is a mess - IBM and Red Hat bet $5 billion and 20,000 engineers can fix it

Why This Matters

IBM and Red Hat are investing $5 billion and deploying 20,000 engineers in Project Lightwell, an ambitious AI-driven initiative aimed at securing open-source software at an industrial scale. This effort highlights the critical need for improved open-source security amid increasing vulnerability reports and developer burnout, signaling a major industry push to protect the foundational software that powers modern enterprise IT.


ZDNET's key takeaways

Lightwell is a huge effort to safeguard open-source software.

IBM and Red Hat are investing in this massive security initiative.

We don't yet know how this subscription-based service will work.

AI is a mixed blessing for open-source software. On the one hand, AI can help developers program faster and find bugs more quickly. On the other hand, maintainers are being overwhelmed by the sheer volume of potentially serious bug reports.

As Daniel Stenberg, founder and maintainer of the popular open-source data transfer program cURL, recently said, "The rate of incoming security reports is four to five times higher than it was in 2024 and double the speed of 2025." For the first time, he confessed, "I work more than I've done before, but the flood keeps coming." Stenberg is on the verge of burning out. So, he asked for more companies "to fund us" so they could then pay more developers to distribute the workload. Now, IBM and its subsidiary Red Hat have heard the call.


Their answer is Project Lightwell, an AI-powered initiative they described as a "first-of-its-kind force" to find and fix vulnerabilities in open-source software at an industrial scale. Lightwell aims to become a de facto clearinghouse for securing the open-source components that underpin modern enterprise IT.
