SOFIAH NICHOLE SALIVIO

News Editor

Red Hat, IBM and Deloitte have announced a collaboration on Project Lightwell, an initiative focused on open source software security in corporate supply chains.

Deloitte will join Lightwell as an integration partner, adding cyber risk services and software supply chain expertise to a model designed to patch vulnerabilities at scale. The arrangement is intended to help organisations identify vulnerable code, prioritise threats and deploy validated fixes without waiting for full software upgrades.

Lightwell addresses a problem facing large organisations that rely on a mix of in-house software, open source components and third-party commercial products. A flaw in one part of that stack can spread risk across multiple applications and business functions, particularly when software versions are pinned to older releases that companies are reluctant to change quickly.

According to IBM and Red Hat, the project coordinates vulnerability disclosures with independent maintainers, then develops, tests and backports patches to the software versions running in production. That approach is intended to help companies protect systems already in use while avoiding broader, potentially disruptive upgrade cycles.

The collaboration gives Deloitte a role across the software lifecycle, including mapping software assets, assessing exposure and helping move fixes into production systems. The professional services firm said it will maintain a bench of Forward Deployed Engineers to support remediation and application maintenance for clients.

Rising pressure

The announcement comes as companies face a growing volume of software vulnerabilities and a faster pace of exploitation. The three groups pointed to the rise of AI-assisted attacks, which can shorten the time between the discovery of a flaw and attempts to exploit it.

That has made software supply chain security more pressing for regulated industries and other large enterprises, where changes to production systems often require lengthy testing and governance. By separating remediation from the broader upgrade process, the partners aim to address a common bottleneck in corporate security operations.

The plan covers four main areas: continuous discovery of first-party, open source and third-party software; contextual analysis to distinguish urgent threats from lower-priority issues; remediation through coordinated testing and deployment; and reporting for boards, auditors and regulators.

It also emphasises managing relationships with upstream open source communities and software vendors. That includes pre-disclosure vulnerability handovers and evidence-based reporting intended to improve accountability across the software lifecycle.

Deloitte said the effort builds on its existing work with IBM on cybersecurity, resilience and digital trust, as well as a long-standing alliance with Red Hat focused on open source technologies and IT automation. The new collaboration brings those strands together in a more targeted security programme for open source software maintenance.

Adnan Amjad outlined Deloitte’s view of the issue.

“Exploits don’t wait for manual patching processes, and neither can enterprise response. Together, we’re enabling clients to operate at machine speed to identify, validate and remediate vulnerabilities. This collaboration is about building the operational resilience needed to maintain trust across increasingly complex software ecosystems, creating systems that can withstand and neutralise risk without disrupting the business,” said Adnan Amjad, US Cyber Leader, Deloitte.

IBM said Lightwell was created in response to the growing difficulty of securing open source software as the threat environment changes. It described the Deloitte tie-up as a way to extend an existing engineering and automation model to a wider set of organisations.

“Lightwell was created to address the growing challenge of securing open source software in an AI-driven threat landscape. It brings together the engineering, automation and ecosystem partnerships needed to tackle this risk at scale. We’re excited to collaborate with Deloitte and leverage its capabilities in cyber risk management to extend this model to more organisations,” said Rodrigues.

Red Hat said the collaboration is intended to bring patching work directly into enterprise application environments, with an emphasis on the versions customers are already running rather than requiring immediate migrations to newer releases.

“Open source drives innovation, but the volume of AI-generated threats requires engineering capacity that matches the speed of the attacker. Our work with Deloitte will bring the remediation capabilities we developed with IBM through Lightwell directly to enterprise application environments. Together we will isolate, patch and deliver the fixes, supporting the open source ecosystem while protecting the specific versions our customers depend on,” said Kennedy.

Blue John has launched GREY, a people risk intelligence platform for small and medium-sized businesses and growth companies in regulated industries. The product is led by Founder and Chief Executive Officer Lorna Cobbett.

The launch comes as employers face closer scrutiny over conduct in financial services and broader questions about the reliability of conventional hiring methods in the age of AI-generated applications.

GREY is designed to sit alongside existing recruitment systems rather than replace them. The platform reviews public data, applies reputation analysis and uses neuroscience-based assessment methods to produce a human-reviewed report on a candidate before a hiring decision is made.

It identifies what Blue John describes as high-stakes reputational issues, hidden risks and untapped potential, then assesses workplace traits through a model it has branded Traitmarks. Reports are guided by Violet, which the company describes as GREY’s AI analyst.

Blue John is targeting employers in regulated sectors, where hiring decisions can carry compliance as well as operational risk. It argues that existing tools such as CVs and psychometric tests provide only a partial picture of a candidate, particularly when AI tools can help applicants produce highly polished applications.

Cobbett, a former Goldman Sachs banker who later became a reputation agency Chief Executive Officer, said the existing model for assessing candidates no longer reflects the realities facing employers.

“The talent system is broken and we’ve been assessing talent the same way for too long,” said Lorna Cobbett, Founder and Chief Executive Officer, Blue John.

“It’s time to look at who a person actually is, not what they claim to be,” Cobbett said.

Blue John said one in three hires is a wrong hire, with the average cost estimated at three times salary. It argues that the damage extends beyond direct financial loss to include disruption to culture, performance and corporate reputation.

Regulatory pressure

Part of Blue John’s pitch rests on changing regulation. The company pointed to the Financial Conduct Authority’s Non-Financial Misconduct Rules, which it said will extend to around 37,000 non-bank firms, and to the Employment Rights Act 2025, which it said changes the significance of the probation period in employment decisions.

Against that backdrop, Cobbett said employers are facing a convergence of pressures in recruitment and workforce management.

“GREY gives organisations the insight to see the person – not the AI-perfect CV – before they become a costly wrong hire,” Cobbett said.

“We’re here to protect your talent system, not replace it,” she added.

Blue John said the platform can also be used beyond recruitment, including for onboarding, talent management and leadership development. It described this broader use as a way for organisations to build a growing base of internal intelligence over time.

The business was founded by a team with experience in reputation management, due diligence and Open Banking. Cobbett said that background shaped a model that looks outward at a person’s public reputation and behaviour rather than relying solely on self-description in interviews or tests.

Funding plans

Blue John said it has backing from strategic angel investors in financial services, professional services and serial entrepreneurs. It is preparing a seed fundraising round targeting £3 million.

The company also outlined a broader ambition to create what it calls “Open Reputation”, a framework intended to make talent-related reputation data more visible and usable in hiring and workforce decisions.

Cobbett linked that idea to earlier changes in financial data sharing.

“We are at a defining moment for talent. AI has made the CV so perfect it has become unreliable and no-one trusts it. Alongside this trust collapse, the Employment Rights Act 2025 is about to turn the traditional six-month probation period into a legal milestone. And the FCA’s Non-Financial Misconduct Rules extend to 37,000 non-bank firms from September this year, making every talent decision in financial services a risk and compliance event,” Cobbett said.

“These are three forces converging at once and the trust infrastructure organisations need to respond simply does not exist yet. No one has been looking outward at the person – at who they actually are, how they behave and how they will show up in the workplace. This is what GREY changes and is the foundation of a new category: people risk intelligence. Organisations need to start thinking about how they will mitigate people risk now,” she said.

She said the longer-term goal extends beyond a single hiring tool.

“My vision has always been to create Open Reputation, doing for talent data what Open Banking did for financial data,” Cobbett said.

“This is about building trust infrastructure and establishing a level playing field for talent. Personal reputation is no longer just a risk to be managed, it’s an asset to be understood,” she added.

The Goldfish Bowl in Magdalen Road, a much-loved, family-run fishkeeping shop, announced it would shut down on July 31 after decades in the community.

Owned by Barry Allday, the award-winning specialist shop has been a central part of the East Oxford community, and the team described its time trading as a “remarkable journey”.

READ MORE: Oxford fishkeeping shop announces closure after 70 years

The owners retirement, the increase in running costs and “implementations of the current transport schemes” by the council were cited as the “challenges” which lead to the business’ closure.

Barry Allday, then a partner at The Goldfish Bowl, pictured with a fish in 2008 (Image: Jon Lewis)

Customers took to social media to share their memories of the shop, and their shock and sadness that it would close.

Dawn Amanda said: “Gutted for you. I remember coming in many times 30 or 35 years ago when I was setting up for the first time.

“The kids loved coming in to see all the fish, kept them mesmerised whilst adults loitered around and made purchases in peace. Enjoy your retirement.”

Commenter Matt Jefferies shared similar memories of his time working at the store, and said: “The Goldfish Bowl played a huge part in my childhood and adulthood a like.

“I remember the first purchase, the relentless phone calls asking Barry for a job until he finally gave in, the endless cycle of hosing down the system filters, learning how to speed mop the shop floor, the late finishes unpacking thousands of fish and so much more.

“I truly wish the past and present staff all the best for the future.”

The Goldfish Bowl in Magdalen Road, 2008 (Image: Jon Lewis)

READ MORE: Oxford fishkeeping shop blames closure on transport schemes

While others shared how important the shop has been in their lives, with Chris Hollis adding: “Barry, I’m so sorry to hear this. One, if not the best fishkeeping shops in the country.

“I used to go to the shop in Headington and was a frequent visitor with my children to East Oxford. They still talk about it today and they’re in their 30s.

“Your knowledge, professionalism and friendliness is second to none.”

Ping Low and Barry Allday owned The Goldfish Bowl in 2021 (Image: Ed Nix)

While commenter Bee Ames echoed the sentiment, adding: “End of an era! Many happy times and years visiting during my fish keeping.

“The customer service and knowledge was second to none. It is a very sad time for Oxford and even sadder that your hand has been forced.

“However, enjoy a much earned and well deserved retirement. What an outstanding achievement.”

The Goldfish Bowl, Magdalen Road, Oxford (Image: Google)

Sharing his nostalgia for the store, Phil Fugle said: “Such a shock and sad news.

READ MORE: Man survives being hit by train at Radley railway station

“Back in the late 60s I used to come to the famous Goldfish Bowl and spend hours looking round and then as I got older and still lived in Oxford, was a regular for all my aquatic needs.

“I moved away from Oxford but whenever visiting always called in. A huge part of my life along with so many others.”

Among the hundreds of other customers sharing their sadness, Alice Elizabeth Taylor said: “! In really is a part of the local community and people are heartbroken to hear it won’t be there any more. It will still be remembered for a very long time to come.”