IT management and observability software provider SolarWinds has become the inaugural software provider to submit the Secure Software Development self-attestation as part of the U.S. government's overall plan to fortify the software supply chain.
The event is particularly notable because SolarWinds was one of the first software companies that suffered from a software supply chain attack, first reported in December 2020. More information about the event and SolarWinds' response is here.
The SolarWinds Orion security breach, a.k.a. SUNBURST, impacted numerous U.S. government agencies, business customers and consulting firms. Russian hackers allegedly weaponized SolarWinds Orion business software updates in order to distribute malware called SUNBURST. From there, the Russian hackers allegedly attacked multiple government, consulting, technology, telecom, and oil and gas companies in North America, Europe, Asia and the Middle East, FireEye said in a blog post and The Washington Post further reported.
The SolarWinds self-attestation aligns with U.S. government requirements from the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB), marking what the company calls a significant milestone in cybersecurity standards.
Support for National Cybersecurity Initiatives
Endorsed by the White House and released by CISA, the Secure Software Development Attestation form is part of the Department of Homeland Security's strategy to fortify the software supply chain and promote transparent information-sharing between the public and private sectors.
Chip Daniels, Vice President of Government Affairs at SolarWinds, commented:
"In a landscape where cybersecurity threats are ever-evolving, public-private partnerships remain absolutely paramount for creating a secure and resilient digital infrastructure for our nation. By working hand in hand, we can ensure that our cybersecurity measures are not just reactive but proactively designed to anticipate and mitigate threats."
Tim Brown, Chief Information Security Officer and Vice President of Security at SolarWinds, stated:
"In order to pioneer secure software development, we understand that security is not just a feature but the very foundation upon which modern digital ecosystems must be built. At SolarWinds, we are committed to setting new standards in cybersecurity, embracing transparency, and fostering a culture of relentless innovation."