MSP, Content, Networking

SolarWinds Updates Build System to Align With NIST Secure Software Development Framework

Credit: Getty Images

SolarWinds' Next-Generation Build System now aligns with NIST's Secure Software Development Framework, advancing cybersecurity in response to the SUNBURST attack.

This development is part of the company's Secure by Design initiative, launched in 2021 following the SUNBURST cyberattack – a highly sophisticated supply chain attack that took place in 2020. The incident is attributed to an advanced persistent threat group, suspected to be of Russian origin. This attack targeted the Orion Platform, a network management software developed by SolarWinds, a company based in the United States.

The Secure by Design initiative aims to enhance overall cybersecurity through a combination of proprietary technology, products, and processes.

Key to this effort is the Next-Generation Build System, featuring a parallel build process conducted in multiple secure, duplicate, and ephemeral environments, according to SolarWinds.

About SolarWind’s Build System

The system conducts software builds in parallel, assuming a breach position to eliminate implicit trust in applications and services, and employing ephemeral operations to eliminate dependencies. The system also utilizes automated tools for regular vulnerability scanning throughout the development process and generates a software bill of materials (SBOMs) providing a full picture of all components used in the build process, according to the company.

Tim Brown, Chief Information Security Officer and VP, Security, SolarWinds, commented:

"The SSDF guidelines will be an important step in strengthening our nation's overall cybersecurity posture. At SolarWinds, we've implemented our Secure by Design initiative with the goal of becoming a leader in enterprise software security. This has included aligning our software development processes with NIST’s Secure Software Development Framework and CISA’s Enduring Security Framework as outlined by the National Cybersecurity Strategy."