IBM and Red Hat are throwing serious weight behind open-source security with their $5 billion Project Lightwell.
Open-Source Software on the Front Lines
The vast majority of modern software relies on open-source projects in some way. These codebases are maintained by volunteers and community-driven teams around the world, and their code is then used and distributed by companies like IBM and Red Hat. The problem is that this model can leave open-source projects vulnerable to security threats.
The open-source model is a double-edged sword when it comes to security. On one hand, transparency is key to identifying vulnerabilities and fixing them quickly. On the other hand, this transparency means that hackers can also see exactly where and how to exploit those vulnerabilities. It’s a constant cat-and-mouse game that can leave users and developers exposed.
$5 Billion and a Whole Lot of Human Hours
IBM and Red Hat are throwing a massive amount of resources at the problem with Project Lightwell. As part of this effort, they’re committing $5 billion to improving the security of open-source projects. It’s not just a matter of throwing money at the problem, though – IBM and Red Hat are also assigning more than 20,000 employee-hours to the project.
What this means
For developers and users, Project Lightwell’s commitment to open-source security means that the projects they rely on are going to be significantly more secure. IBM and Red Hat are essentially promising to bring the same level of security expertise and resources that they devote to their own proprietary software to the open-source projects they use.
In practical terms, users can have a bit more confidence in the software they’re using – and developers can focus on building better software without constantly worrying about the security implications of their choices.