SolarWinds to release open-source software based on SUNBURST attack learnings

SolarWinds aims to become a model for enterprise software security after announcing its new Next-Generation Build System, a key component of the company’s Secure by Design initiative.

Reporter
Thu, 23 Jun 2022

At the time of the SUNBURST attack, the software build process that SolarWinds used was common throughout the technology industry. The Next-Generation Build System includes both new software development practices and technology to strengthen the integrity of the build environment.

This consists of a "parallel build" process, where the development of SolarWinds software takes place through multiple highly secure duplicate paths to establish a basis for integrity checks.

The software development and build process improvements were made in an accelerated timeline over the past year in response to the highly sophisticated SUNBURST cyber attack, which targeted SolarWinds and other technology companies.

SolarWinds is releasing components of the new build system as open-source software, enabling other organisations to benefit from the company's learnings and help establish a new industry standard for secure software development.

The SolarWinds Next-Generation Build System rests on four key elements of the company's Secure by Design principles:

  • Dynamic operations: building only short-term software build environments that self-destruct after completing a specific task.
  • Systematic build products: ensuring build products can be made deterministically so any newly created byproducts will always have identical, secure components.
  • Simultaneous build process: creating software development byproducts, such as data models, in parallel to establish a basis for detecting unexpected modifications to the products.
  • Detailed records: tracking every software build step for complete traceability and permanent proof of record.
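
The sketch below is an added illustration, not SolarWinds' code or any component of the released build system. It shows how deterministic outputs from parallel build paths can be compared by digest and how build steps can be kept in a hash-chained record. The path names, artifact names and function names are hypothetical, and the sample bytes are constructed.

```python
import hashlib
import json

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def manifest(artifacts: dict) -> dict:
    """Map each artifact name to the SHA-256 of its bytes."""
    return {name: digest(blob) for name, blob in artifacts.items()}

def compare_builds(manifests: dict) -> dict:
    """Return artifacts whose digest differs, or is missing, on any build path."""
    names = set().union(*(m.keys() for m in manifests.values()))
    mismatches = {}
    for name in sorted(names):
        seen = {path: m.get(name, "MISSING") for path, m in manifests.items()}
        if len(set(seen.values())) > 1:  # deterministic builds must agree
            mismatches[name] = seen
    return mismatches

def _record_hash(rec: dict) -> str:
    body = {k: rec[k] for k in ("step", "detail", "prev")}
    return digest(json.dumps(body, sort_keys=True).encode())

def append_record(log: list, step: str, detail: dict) -> None:
    """Append a build-step record chained to the previous record's hash."""
    rec = {"step": step, "detail": detail,
           "prev": log[-1]["hash"] if log else "0" * 64}
    rec["hash"] = _record_hash(rec)
    log.append(rec)

def verify_log(log: list) -> bool:
    """Recompute the chain; any edited or reordered record breaks it."""
    prev = "0" * 64
    for rec in log:
        if rec["prev"] != prev or rec["hash"] != _record_hash(rec):
            return False
        prev = rec["hash"]
    return True

# Constructed sample: three hypothetical build paths, one with a modified artifact.
SAMPLE_MANIFESTS = {
    "path_a": manifest({"core.bin": b"\x01\x02\x03", "models.json": b"{}"}),
    "path_b": manifest({"core.bin": b"\x01\x02\xff", "models.json": b"{}"}),
    "path_c": manifest({"core.bin": b"\x01\x02\x03", "models.json": b"{}"}),
}

if __name__ == "__main__":
    log = []
    append_record(log, "compare", compare_builds(SAMPLE_MANIFESTS))
    print(json.dumps(log, indent=2), verify_log(log))
```

A non-empty result from `compare_builds` is the signal to stop a release: with deterministic builds, a digest that differs on one path means that path's output was changed or its environment drifted.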

“Communicating transparently and collaborating within the industry is the only way to effectively protect our shared cyber infrastructure from evolving threats,” said Sudhakar Ramakrishna, president and CEO, SolarWinds.

"Our Secure by Design initiative is intended to set a new standard in software supply chain security via innovations in build systems and build processes.

"We believe our customers, peers, and the broader industry can also benefit from our practices," Ramakrishna said.

The new software build process is a key component of the company’s Secure by Design initiative aimed at making SolarWinds a "model for enterprise software security", according to the company.
