Deloitte has joined Lightwell, an open-source software vulnerability initiative launched by IBM and Red Hat in May, SiliconANGLE reported on June 26.

Lightwell is a project launched by IBM and Red Hat with an initial $5 billion investment and 20,000 engineers. It is focused on detecting and patching vulnerabilities in open-source projects that form the foundation of enterprise software.

Deloitte will work with IBM to support joint customers by identifying and cataloguing the open-source components used by developers. It aims to keep the inventory continuously updated as software changes, to prevent companies from unknowingly running applications that include vulnerable open-source modules.

According to Deloitte, patches released by open-source project maintainers are not always applied immediately. Some work only in the latest version, or require extensive configuration changes during patching. IBM and Red Hat provide automated validation capabilities to check whether patches work as intended, and Deloitte manages actual patch installation and verification of effectiveness. Deloitte will deploy an on-site team of engineers to reside with customers and support vulnerability remediation and ongoing software maintenance.

Savio Rodrigues (사비오 로드리게스), vice president of IBM's service partner division, said, "Lightwell is intended to address open-source software security issues in an AI-based threat environment."