SolarWinds attack makes us distrust the software we buy (Security News, March 2021)

Security expert says because we can't inspect the inner workings of the software we buy, we're at the mercy of software companies' security practices.
TechRepublic's Karen Roby spoke with Manish Gupta, founder and CEO of ShiftLeft, a code analysis software company, about the SolarWinds attack and its effect on cybersecurity.
The SolarWinds attack was novel in that the attackers infected the very software that we trust.
This breach of trust of software is huge because software is driving everything around us.
As I mentioned earlier, because of the implicit trust that we place and what perhaps makes the problem worse is if, for example, we as consumers or enterprise companies, when we download software, when we buy software from a third party, there is a very limited ability we have to inspect what is in that software.
I think one of the key reasons why people are realizing is if we take a modern software company, let's say a SaaS, Software as a Service company, 100% of their revenue comes from the software that they're hosting in the cloud.