Open-source security is a mess - IBM and Red Hat bet $5 billion and 20,000 engineers can fix it
Briefly

AI can speed up development and help detect bugs, but it also drives up the volume of security reports that land on open-source maintainers. cURL maintainer Daniel Stenberg reported that incoming security reports have risen sharply, that he is working more than ever and is close to burning out, and asked companies to fund the project so it can pay more developers and spread the workload. IBM and Red Hat responded with Project Lightwell, an AI-powered initiative they describe as a first-of-its-kind force to find and fix vulnerabilities in open-source software at industrial scale, and which aims to become a clearinghouse for securing the open-source components used in enterprise IT. Lightwell does not pay upstream developers; instead, it equips IBM and Red Hat engineers with AI tools to work on business-critical open-source projects and make them as secure as possible. IBM and Red Hat plan to invest $5 billion over the program's duration.
“The rate of incoming security reports is four to five times higher than it was in 2024 and double the speed of 2025.” For the first time, he confessed, “I work more than I've done before, but the flood keeps coming.” Stenberg is on the verge of burning out. So, he asked for more companies “to fund us” so they could then pay more developers to distribute the workload.
“Project Lightwell,” an AI-powered initiative they described as a “first-of-its-kind force” to find and fix vulnerabilities in open-source software at an industrial scale. Lightwell aims to become a de facto clearinghouse for securing the open-source components that underpin modern enterprise IT.
However, the initiative will not pay upstream developers. Instead, Lightwell provides IBM and Red Hat engineers with AI tools to work on important, business-critical open-source projects and make them as secure as possible. Since Anthropic's Mythos Preview model has already identified nearly 3,900 serious security vulnerabilities in open-source software in just a few weeks, the urgent need for faster fixes is crystal clear.
Read at ZDNET