Security News > 2021 > March > SolarWinds attack makes us distrust the software we buy
Security expert says because we can't inspect the inner workings of the software we buy, we're at the mercy of software companies' security practices.
TechRepublic's Karen Roby spoke with Manish Gupta, founder and CEO of ShiftLeft, a code analysis software company, about the SolarWinds attack and its effect on cybersecurity.
The SolarWinds attack was novel in that the attackers infected the very software that we trust.
This breach of trust of software is huge because software is driving everything around us.
As I mentioned earlier, because of the implicit trust that we place and what perhaps makes the problem worse is if, for example, we as consumers or enterprise companies, when we download software, when we buy software from a third party, there is a very limited ability we have to inspect what is in that software.
I think one of the key reasons why people are realizing is if we take a modern software company, let's say a SaaS, Software as a Service company, 100% of their revenue comes from the software that they're hosting in the cloud.
News URL
Related news
- Healthcare attacks spread beyond US – just ask India's Star Health (source)
- China again claims Volt Typhoon cyber-attack crew was invented by the US to discredit it (source)
- SolarWinds Web Help Desk flaw is now exploited in attacks (source)
- SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures (source)
- China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)