SolarWinds: Three Is Allegedly Better Than One
October 29, 2021
Most organizations have one, generally semi-organized, development approach. “SolarWinds’ CEO Wants To Give The Hackers Who Attacked It A Headache By Massively Multiplying Code” reports that the poster child for putting malware in a software distribution system has a way to thwart the 1,000 programmers bent on doing bad things to good American software.
And the solution? Forbes, the capitalist tool, reveals:
But arguably the biggest change—and the one that’s most likely to attract the attention of other CEOs and technology leaders—is his [Sudhakar Ramakrishna, the new SolarWinds CEO] decision to create three separate software development pipelines rather than the single one SolarWinds had before.
In bad actor land, one attack surface is okay. Three attack surfaces are, I suppose, more okay. SolarWinds begs to disagree.
The idea is that “hackers now have to break into multiple systems rather than a monolithic development pipeline.”
I did an analysis of the SolarWinds misstep for a financial outfit. A couple of members of my research team kept pressing me to emphasize that the breach may have been facilitated by an insider or by someone hired by a front company for a bad actor who had experience working in the SolarWinds digital vineyard. I mentioned the possibility and referenced several recruitment sites which say they can provide part-timers with experience in major enterprise software systems.
My question: “If the insider or the part-time wizard is involved, maybe three development pipelines won’t work?” The possibility exists.
Stephen E Arnold, October 29, 2021