


















In late May, Red Hat and its parent IBM announced they would allocate $5 billion and 20,000 engineers to Project Lightwell, "to help enterprises secure open source software" alongside a group of big-target financial services companies.
The project, which the companies describe as "a trusted enterprise clearinghouse" for open source code, is exactly what Red Hat has always done: backporting security patches and upstreaming them, securing customers first and improving the entire ecosystem over time.
Even the mechanism is similar. Project customers point their build tools to the Red Hat registry and Red Hat takes care of scanning, backports, and patching, plus managing the upstream contributions.
But the project's plans to address the broader application landscape, including "independent libraries, language toolchains, AI frameworks, and data streaming platforms", are where it diverges from securing a discrete set of packages.
And that complicates matters – starting with who gets to decide what is covered.
When it expands beyond the early adopters, Red Hat chief product officer Ashesh Badani told The Stack that Lightwell will likely have two contract tiers. Those who only need the patches will be able to choose a "read-only mode", with a premium option for those who want to be involved in determining which packages Lightwell will include.