Security News > 2021 > May > SolarWinds CEO describes overhauled Orion build system after that 'very small, unique' security breach

SolarWinds CEO describes overhauled Orion build system after that 'very small, unique' security breach
2021-05-11 19:59

SolarWinds' chief exec has described the 18,000 customers who downloaded backdoored versions of its Orion software as a "Very small" number while giving a speech to an infosec event.

"Although the number of affected customers is very small, that we eventually discovered, it is still a very important thing to discover, because this is a unique and very novel attack on the supply chain of a company," said Ramakrishna in his opening remarks - adding that "None of our source code control systems were tampered with."

As regular readers know, SolarWinds is the maker of the Orion network infrastructure monitoring platform which was compromised last year.

Russian spies broke into SolarWinds' build system and secretly injected backdoor code into Orion updates, which was subsequently distributed to installations worldwide.

Of more interest to technically minded readers was the revelation that SolarWinds has rearchitected its build processes, now having "Three different environments" running in parallel with their outputs being cross-matched against each other to ensure there are no unexpected differences before being integrated into the final product.

Previously SolarWinds had a traditional single-track build process, the output of which was digitally signed using a cryptographic certificate.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/05/11/solarwinds_ceo_orion_build_system/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 44 0 80 95 40 215