Russia’s SolarWinds Attack and Software Security
2021-01-08 12:27

Obscure software packages can have hidden vulnerabilities that affect the security of these networks, and sometimes the entire Internet.

Any system for acquiring software needs to evaluate the security of the software and the security practices of the company, in detail, to ensure they are sufficient to meet the security needs of the network they're being installed in.

Procurement contracts need to include security controls of the software development process.

Some of the groundwork for an approach like this has already been laid by the federal government, which has sponsored the development of a "Software Bill of Materials" that would set out a process for software makers to identify the components used to assemble their software.

These security requirements need to be monitored throughout the software's life cycle, along with what software is being used in government networks.

The Biden administration should prioritize minimum security standards for all software sold in the United States, not just to the government but to everyone.


News URL

https://www.schneier.com/blog/archives/2021/01/russias-solarwinds-attack-and-software-security.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 101 81 50 265