The next cyberattack is always around the corner, but you can use every minor incident to help you prepare for major ones. Designing your environment with security in mind at every step will help you better prepare, and you must make sure all those who contribute to your environment are equally secure, including your software partners.
The SolarWinds, SolarWinds & Design, Orion, and THWACK
trademarks are the exclusive property of SolarWinds Worldwide,
LLC or its affiliates, are registered with the U.S. Patent and
Trademark Office, and may be registered or pending registration
in other countries. All other SolarWinds trademarks, service
marks, and logos may be common law marks or are registered or
pending registration. All other trademarks mentioned herein are
used for identification purposes only and are trademarks of (and
may be registered trademarks) of their respective companies.
Editor's notes
SolarWinds follows a standard Secure Development Lifecycle approach, including requirements analysis, secure development, security testing, release, and response.
As part of the process, Checkmarx is used for static code analysis, WhiteSource is used for open-source discovery/analysis, and internal penetration (PEN) testing is performed using Burp Suite and Rapid7 InsightAppSec prior to a final security review.
Below is a representation of the current SolarWinds build process (Phase II), which is designed to ensure the security and integrity of the code and that no insertions or alterations have occurred during the build process.
With Phase I, released in SolarWinds Orion Platform version 2020.2.4 on January 25, 2021, we introduced a dual build verification into our process. This enabled us to take compiled binaries back to the source code files with the associated hashes and compare those hashes with the files in source control, thus ensuring no alteration or insertion occurred within the build pipeline.
Phase II of this process incorporates our build in the AWS environment and adds several security enhancements.
We will complete this journey with Phase III, represented in the diagram below. This encompasses the triple build environment, which is also SLSA Level 4 compliant.
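The dual build verification described for Phase I comes down to comparing the hashes recorded for a build's source inputs with the hashes of the same files in source control. The following is an added example of that comparison, not SolarWinds code; the manifest layout, file paths, contents and function names are assumptions made for illustration.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def render_manifest(files: dict[str, bytes]) -> str:
    """What the build side records: one '<sha256>  <path>' line per input file."""
    return "\n".join(f"{sha256_hex(body)}  {path}" for path, body in sorted(files.items()))

def parse_manifest(text: str) -> dict[str, str]:
    """Parse the recorded lines; refuse a path listed with two different hashes."""
    entries: dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, path = line.split(maxsplit=1)
        digest, path = digest.lower(), path.strip().replace("\\", "/")
        if entries.get(path, digest) != digest:
            raise ValueError(f"conflicting hashes recorded for {path}")
        entries[path] = digest
    return entries

def verify_build(source_control: dict[str, bytes], build_manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare hashes of source-control files with the hashes the build recorded."""
    expected = {path: sha256_hex(body) for path, body in source_control.items()}
    shared = expected.keys() & build_manifest.keys()
    return {
        "altered": sorted(p for p in shared if expected[p] != build_manifest[p]),
        "inserted": sorted(build_manifest.keys() - expected.keys()),
        "missing": sorted(expected.keys() - build_manifest.keys()),
    }

# Constructed sample data: hypothetical paths and contents.
SOURCE_CONTROL = {
    "src/Core/Api.cs": b"class Api {}\n",
    "src/Core/Module.cs": b"class Module {}\n",
}
# A build whose inputs differ: one file changed, one file added.
TAMPERED_BUILD = {
    "src/Core/Api.cs": b"class Api {}\n",
    "src/Core/Module.cs": b"class Module { /* changed during build */ }\n",
    "src/Core/Extra.cs": b"class Extra {}\n",
}

if __name__ == "__main__":
    report = verify_build(SOURCE_CONTROL, parse_manifest(render_manifest(TAMPERED_BUILD)))
    for kind, paths in report.items():
        print(f"{kind}: {paths or 'none'}")
```

A build passes only when all three lists are empty; an inserted file is as significant as an altered one, since either means the build consumed something source control does not vouch for.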