SolarWinds CEO describes overhauled Orion build system after that 'very small, unique' security breach
2021-05-11 19:59

SolarWinds' chief exec has described the 18,000 customers who downloaded backdoored versions of its Orion software as a "very small" number while giving a speech at an infosec event.

"Although the number of affected customers is very small, that we eventually discovered, it is still a very important thing to discover, because this is a unique and very novel attack on the supply chain of a company," said Ramakrishna in his opening remarks - adding that "none of our source code control systems were tampered with."

As regular readers know, SolarWinds is the maker of the Orion network infrastructure monitoring platform which was compromised last year.

Russian spies broke into SolarWinds' build system and secretly injected backdoor code into Orion updates, which were subsequently distributed to installations worldwide.

Of more interest to technically minded readers was the revelation that SolarWinds has rearchitected its build processes, now having "three different environments" running in parallel with their outputs being cross-matched against each other to ensure there are no unexpected differences before being integrated into the final product.

Previously SolarWinds had a traditional single-track build process, the output of which was digitally signed using a cryptographic certificate.
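
A release gate of the kind described above can be sketched as follows. This is an added example, not SolarWinds' code: the environment names, file paths and sample contents are constructed, and the majority vote used to name the odd environment out is an assumption about how such a comparison could be reported.

```python
import hashlib
from collections import Counter

def manifest(artifacts):
    """Map each artifact path to the SHA-256 digest of its bytes."""
    return {p: hashlib.sha256(b).hexdigest() for p, b in artifacts.items()}

def cross_match(manifests):
    """Return {path: {"digests", "outliers"}} for every path that is not
    byte-identical in all environments (a missing file counts as None)."""
    findings = {}
    for path in sorted(set().union(*manifests.values())):
        seen = {env: m.get(path) for env, m in manifests.items()}
        if len(set(seen.values())) == 1:
            continue
        digest, votes = Counter(seen.values()).most_common(1)[0]
        if votes > len(seen) / 2:   # a majority agrees: name the dissenters
            outliers = sorted(e for e, d in seen.items() if d != digest)
        else:                       # no majority: trust none of them
            outliers = sorted(seen)
        findings[path] = {"digests": seen, "outliers": outliers}
    return findings

def release_gate(manifests):
    """Signing is allowed only when no environment disagrees on any file."""
    findings = cross_match(manifests)
    return (not findings), findings

# Constructed sample: outputs of three hypothetical build environments.
CLEAN = {"bin/core.dll": b"core v1", "bin/ui.dll": b"ui v1"}
TAMPERED = dict(CLEAN, **{"bin/core.dll": b"core v1 + extra code"})
SAMPLE = {
    "env-a": manifest(CLEAN),
    "env-b": manifest(TAMPERED),   # this environment's output differs
    "env-c": manifest(CLEAN),
}

if __name__ == "__main__":
    ok, findings = release_gate(SAMPLE)
    print("sign release:", ok)
    for path, f in findings.items():
        print(path, "differs in", ", ".join(f["outliers"]))
```

Byte-for-byte comparison only works when the build is deterministic; embedded timestamps, build paths and similar variable data have to be normalized first, or every release will show differences. A signature applied after a single build, by contrast, only attests to whatever that one build produced.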


News URL

https://go.theregister.com/feed/www.theregister.com/2021/05/11/solarwinds_ceo_orion_build_system/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 104 75 36 248