Lightwell

Reduce open source software risk with validated, enterprise-grade vulnerability remediation.

abstract dots converging

What is Lightwell?

Lightwell extends Red Hat’s proven model of enterprise open source maintenance by providing access to security remediations and mitigations far beyond its traditional product footprint.

Backed by a global force of more than 20,000 dedicated engineers, Lightwell establishes a new model to identify, validate and remediate vulnerabilities in open source software.

Rows of open laptops stacked on server racks in a dark data center with blue lighting

The AI-driven remediation challenge

Modern applications depend on deep, interconnected open source supply chains. Most enterprises cannot keep up with the volume, complexity, and speed of risk. AI-driven vulnerability discovery is accelerating the volume and velocity of CVEs, widening an already unsustainable remediation gap.

581 Audited codebases contain 581 vulnerabilities on average1

Reflects the accelerating volume of publicly disclosed software vulnerabilities.

>90% More than 90% of Fortune 500 companies rely on OSS2

Open source software underpins modern enterprise infrastructure.

3,900 Nearly 3,900 vulnerabilities identified3

Mythos Preview model identified nearly 3,900 high- or critical-severity vulnerabilities in open source software alone.

How Lightwell works

Remediating vulnerabilities without disrupting production

Lightwell is designed to resolve one of the hardest problems in enterprise software: fixing vulnerabilities without breaking what is already in production.

Lightwell is structured as an annual subscription. It includes the currently available Lightwell Network model, and the Lightwell Clearinghouse Premier model for preselected customers in critical infrastructure areas, with plans for a broader future release.

Customers access Lightwell remediations through Lightwell repositories and integrate them into their existing build processes alongside the public open source repositories they use today.

Person wearing glasses using a laptop in a control room with large digital screens displaying system data in background
Current offerings Lightwell Network

Lightwell Network provides annual, consolidated access to Lightwell security remediations and mitigations for eligible open source vulnerabilities, supporting remediation across the application ecosystem as coverage expands. Customers access the Lightwell registry through their existing software delivery workflows.

Lightwell Clearinghouse Premier

Lightwell Clearinghouse Premier represents our broader efforts to secure the open sources software supply chain across industries, starting with pre-selected critical US infrastructure.

Lightwell Clearinghouse Premier provides all the benefits of Lightwell Network, plus access to vulnerability reporting and remediation for member-specific package versions, novel vulnerability verification and disclosure handling.

Keep up with our development
Working together to protect your enterprise and open source software

Safeguarding the open source software supply chain requires an ecosystem that extends these fixes into active development pipelines. Lightwell is extended by a robust and growing ecosystem of technology and deployment partners.

By collaborating with industry leaders, Lightwell delivers a true orchestrated defense, enabling network rules, cloud environments, and deployment pipelines to be updated simultaneously when a fix is ready.

Two people review a tablet while another person works at a computer in a technology-focused office with servers in background

Full-stack coverage

Lightwell combines comprehensive software supply chain coverage with AI-augmented engineering and deep open source expertise to deliver trusted, enterprise-ready security at global scale. Initial ecosystem focus includes Maven/Java, where regulated industries have the greatest need for pinned-version remediation, with expansion planned across PyPI, npm, Go, and more.

End-to-end open source coverage

Support extends beyond infrastructure to the full software supply chain, including language ecosystems such as Java, data and streaming platforms like Kafka, build tools and AI frameworks, and the transitive dependencies embedded across enterprise applications.

20,000 engineers powered by AI

A global team works alongside advanced AI tools to deliver upstream co-maintenance, vulnerability triage, secure patching, dependency hardening, release engineering, and trusted distribution of production-ready packages.

Upstream to production security model

Lightwell connects upstream open source communities with downstream enterprise environments, contributing fixes upstream so software is enterprise-ready without fragmentation or delay.

Security services for Lightwell

Create the visibility needed to establish a strong foundation for Lightwell.

IBM Security Services helps organizations uncover vulnerabilities, misconfigurations, control gaps, and hidden dependencies across infrastructure, applications, identities, data, and cloud environments. By establishing a clear understanding of current risk, organizations can enter Lightwell with the context needed to drive meaningful outcomes.

View of a candid moment of a group meeting discussion at a modern office.

Address critical weaknesses before they become barriers to transformation.

IBM Security Services helps organizations prioritize and remediate vulnerabilities, close control gaps, and reduce cyber risk through risk-based remediation strategies. This foundational work improves security posture and prepares the environment for more advanced, continuous risk management through Lightwell.

Monitoring Room Technical Operator Observes System Stability. He's Surrounded By Screens Showing Technical Data.

Build the controls and governance needed for long-term success.

IBM helps organizations strengthen security across identities, networks, applications, data, and cloud environments through hardening, segmentation, governance, and defense strategies. These capabilities establish the resilient security foundation required to fully realize the value of Lightwell.

Team of dangerous male hacker using a powerful computer to spy the government. Security breach.

Mature security processes and improve organizational preparedness.  

IBM Security Services helps organizations improve visibility, strengthen operational processes, validate security capabilities, and align teams around a consistent security strategy. This readiness enables organizations to accelerate adoption and gain faster value from Lightwell.

UK Defence - military operator monitoring battle information in control room with screens and displays, future army and security concept

Prepare for the next generation of cyber risk and resilience.

IBM helps organizations modernize security operations through AI-enabled insights, automation, and advanced security practices. By establishing the people, processes, and technologies needed to operate in an increasingly AI-driven threat landscape, organizations are better positioned to leverage the full capabilities of Lightwell.

https://1.dam.s81c.com/m/3aab03a7330483f3/original/security-qradar-platform-image458x245.jpg

Start where you are with the AI Cyber Resilience Diagnostic for Lightwell

The effort to prepare for Lightwell can be significant. We can help you with a tailored approach that reflects where you are today and where you need to go.  

The AI Cyber Resilience Diagnostic helps you jumpstart your path to transformation. Start with a 2-week discovery assessment and walk away with a prioritized risk exposure that maps your real attack surface, activates protections against top exposures, and leaves your team with a remediation playbook and framework for continuous validation.

Learn more
Secure your software supply chain

With Lightwell, your organization can reduce vulnerability backlogs, remediate CVEs without forced upgrades, and maintain stability across certified environments.  

Deliver production-ready, signed patches with SLAs while contributing fixes upstream to strengthen the broader ecosystem.

  1. Sign up for updates
  2. Learn more about AI Cyber Resilience