The SolarWinds Tipping Point
This resource is published by DigiCert
In December 2020, hackers broke into several federal government computer networks, and the attack was traced back to Orion, an IT management program built and sold by the Texas-based cybersecurity company SolarWinds.
Signing software is important in and of itself, but it’s all too easy to overlook the management of signing policies and practices—and that’s where we find security gaps that can be exploited. When it comes to software security, the choice is binary. You can choose best practices, or you can choose to leave your supply chain open to attack.
The vulnerability that led to the SolarWinds data breach wasn’t caused by weak security tools. It was a failure to implement every step on the list of code signing best practices. How could the SolarWinds attack have been prevented?