Lightwell

Lightwell helps enterprises address vulnerable third-party open source dependencies when normal upgrades create compatibility, certification, release, audit, or production risk.

What is Lightwell?

Lightwell is a joint initiative between Red Hat and IBM focused on securing the open source software supply chain. It extends Red Hat’s proven model of enterprise open source maintenance by providing access to security remediations and mitigations far beyond our traditional product footprint.

Lightwell introduces specialized AI agents paired with human expertise to triage and fix code issues. Video duration 2:07

It is structured as an annual subscription with two options:

  • Lightwell Network: Consolidated self-service access to signed libraries, remediations, and patched artifacts for eligible open source vulnerabilities as they become available through Red Hat secured repositories.
  • Lightwell Clearinghouse Premier: Currently limited-availability, all the benefits of Lightwell Network, plus access to vulnerability reporting and remediation for member-specific package versions, novel vulnerability verification and disclosure handling, anonymized access to other member requests, and Technical Account Manager (TAM) services.

At a high level, Lightwell helps customers:

  • Identify vulnerable third-party open source dependencies
  • Review whether Lightwell is relevant for the dependency and remediation scenario
  • Access security remediations and mitigations through the appropriate Lightwell offering path
  • Work with Red Hat to understand the appropriate Lightwell offering path and, where separately scoped, how remediation can fit into broader production delivery needs

Why Lightwell?

Modern applications depend on open source software across languages, frameworks, and application stacks, but AI-driven vulnerability discovery has reshaped the open source cybersecurity landscape. When vulnerabilities are discovered, the recommended fix is often to upgrade. But in enterprise environments, upgrades can be disruptive, slow, or risky because of compatibility requirements, regression testing, certification needs, customer commitments, release windows, or production constraints.

Lightwell helps customers engage Red Hat around open source vulnerability remediation paths designed for enterprise environments where speed, stability, and operational confidence all matter.

For over two decades, Red Hat has backported security patches across thousands of packages. Lightwell scales this exact model across a wider scope of open source ecosystems. We are applying the same discipline, upstream commitment, and engineering rigor across all active application layers.

Matt Hicks

President and CEO, Red Hat

Security icon with a white shield, encircled in red, protecting data clusters and a code report

Working together to protect your enterprise and all of open source

Securing open source is a collective industry challenge, one that no single enterprise can solve alone. To that end, we’re also joining other coordinated industry efforts to secure the software supply chain. This includes the Linux Foundation’s Akrites project, OpenAI Daybreak and Anthropic’s Project Glasswing.

How the Lightwell subscription works

Lightwell is structured as an annual subscription. It includes the currently available Lightwell Network model, and the Lightwell Clearinghouse Premier (limited-availability) model for preselected customers in critical infrastructure areas, with plans for a broader future release.

Customers access Lightwell remediations through Lightwell repositories and integrate them into their existing build processes alongside the public open source repositories they use today.

Lightwell-icon

Lightwell Network

Lightwell Network is currently available to offer an engagement path with Red Hat for open source vulnerability remediation.

Lightwell Network provides annual, consolidated access to Lightwell security remediations and mitigations for eligible open source vulnerabilities, supporting remediation across the application ecosystem as coverage expands. Customers access the Lightwell repositories through their existing software delivery workflows.

Lightwell Clearinghouse Premier Limited availability

Lightwell Clearinghouse Premier represents our broader efforts to secure the open source software supply chain across industries, starting with pre-selected critical US infrastructure.

Lightwell Clearinghouse Premier provides all the benefits of Lightwell Network plus access to vulnerability reporting and remediation for member-specific package versions, novel vulnerability verification and disclosure handling, anonymized access to other member requests, and TAM services.

For Red Hat partners

Your customers need to stay ahead of AI-related threats and vulnerabilities that can slow down their open source supply chain. You can help them do that by providing deployment, integration, compliance, and other services when they’re ready to implement Lightwell.

Accenture logo
AMD logo
EY logo
F5 logo
HCL Tech logo
Intel logo
JFrog logo
Kyndryl logo
LTM logo
paloalto logo
TCS logo

Red Hat’s security ecosystem

Beyond Lightwell, Red Hat offers additional security support for your enterprise needs.

Sovereign cloud illustration

Red Hat Sovereign Cloud

Build and deploy multi-tenant infrastructure with a sovereign support model designed to to mitigate extra-territorial risk and meet regulatory compliance.

Red Hat hardened images illustration

Red Hat Hardened Images

A free, vendor-neutral catalog of trusted, micro-sized images created from Red Hat’s years of expertise.

Red Hat Enterprise Linux long-life illustration

Red Hat Enterprise Linux Long-Life Add-On

Get continued access to critical software security and bug fixes, including technical support for any version of Red Hat Enterprise Linux with no pre-determined end date.

Solutions to support your compliance management goals

Contact sales

Reach out to our sales team for details about a Lightwell Network subscription.