IBM and Red Hat partner with Deloitte to fix open-source vulnerabilities

Deloitte Touche Tohmatsu Ltd. is joining an initiative that IBM Corp. and its Red Hat unit launched in May to fix open-source software vulnerabilities.

The companies announced the move today.

U.K.-based Deloitte launched in the middle of the 18th century as an accounting firm. Today, it’s the world’s largest provider of professional services with $70.5 billion in revenue as of fiscal 2025. The company has a sizable cybersecurity business that helps enterprises scan their infrastructure for vulnerabilities, detect breaches and perform related tasks.

The open-source security initiative at the center of today’s partnership is called Lightwell. IBM and Red Hat launched it last month with a $5 billion initial commitment. Additionally, the companies committed 20,000 engineers to the effort. Lightwell is designed to help enterprises detect and patch vulnerabilities in the open-source projects that underpin their software.

Deloitte will work with IBM to help joint customers map out what open-source components their developers use. Furthermore, the consulting giant will continuously update that component inventory as companies’ software changes. The goal is to avoid situations where an enterprise is unaware that one of its applications contains a vulnerable open-source module.

The patches that open-source project maintainers issue for vulnerabilities don’t always work out of the box. For example, an update might only be compatible with the latest version of a project or require extensive configuration changes. IBM and Red Hat will provide automated patch validation to help Lightwell clients ensure that security updates work as intended. Deloitte, in turn, will manage the process of installing patches and validating their effectiveness.

The consulting giant will assign a team of forward-deployed engineers, or FDEs, to support the effort. An FDE is a developer who works at a client organization’s offices. Deloitte says that the participating employees will help customers with not only vulnerability remediation but also ongoing software maintenance.

The company and IBM stated that the partnership will focus on “regulated software supply chains.” That indicates they plan to prioritize organizations in highly regulated sectors. Deloitte’s cybersecurity business helps customers with, among other tasks, ensuring that their systems adhere to industry-specific cybersecurity laws.

The partnership will also encompass certain other tasks. IBM, Red Hat and Deloitte will help companies report breaches to regulators. Additionally, they will notify open-source project maintainers about vulnerabilities before publicly disclosing them. That enables maintainers to release patches before hackers become aware of a new security flaw. 

“Lightwell was created to address the growing challenge of securing open source software in an AI-driven threat landscape,” said Savio Rodrigues, IBM’s vice president of service partners. “It brings together the engineering, automation and ecosystem partnerships needed to tackle this risk at scale.”

Photo: IBM
