SolarWinds: A Path to Excellence in Software Supply Chain Security

Introduction

The software supply chain presents one of the most significant challenges in the technology industry today. It is vital for organizations to understand the components that make up their software, how these components fit together, and the trustworthy usage of such software. This is where Spectre Assure by SolarWinds comes into play.

Expertise at SolarWinds

Tim Brown, the Chief Security Officer (CSO) at SolarWinds, brings over 30 years of cybersecurity experience to the company. With a background in building products and running engineering teams, Tim has previously served as the Chief Technology Officer (CTO) for several major organizations in the security sector, including Dell Software and CA Technologies. Since joining SolarWinds eight years ago, he has continued to focus on protecting the company’s assets and ensuring the security of its products.

Multifaceted Security Approach

SolarWinds has been an IT observability leader for 25 years, providing tools tailored for IT teams, DevOps, and help desk personnel. Tim’s mission encompasses several aspects of security, including:

  • Security Operations: This involves monitoring various services, be it in the cloud or on-premises.
  • Compliance Management: The compliance team ensures adherence to standards and frameworks such as SOC 2 and the ISO standards.
  • Product Development: Tim collaborates with product and security architects to enhance the security posture during the product development lifecycle.

After an incident, SolarWinds strove for exemplary security measures. This led to the adoption of frameworks such as the Secure Software Development Framework and the Enduring Security Framework.

The Role of Reversing Labs

Reversing Labs contributes significantly to SolarWinds’ software development and security processes. They apply static code analysis and various inspection tools to scrutinize source code and provide an essential final check on release builds. Reversing Labs is instrumental in identifying malware, suspicious behavior, and potential tampering within the software.

One crucial aspect they help with is the generation of the Software Bill of Materials (SBOM). With increased pressure from regulatory bodies like CISA, SolarWinds began producing SBOMs for their products, especially in response to requests from federal and commercial customers. This capability enables SolarWinds to close deals effectively and meet customer requirements.

Importance of Software Evaluations

Tim emphasizes the need for enhanced third-party risk management. While many organizations rely on traditional evaluations such as SOC 2 compliance checks or completion of various questionnaires, these methods often lack the depth required for adequate risk assessment. By utilizing Reversing Labs prior to software purchases, SolarWinds ensures a thorough review of potential threats, obtaining not just the SBOM but also insights into possible malicious code or tampering.

Reversing Labs serves a dual purpose: as a software provider, SolarWinds generates essential security documentation and validation for its consumers, and as a software consumer, they run Reversing Labs to attain the same level of assurance for the products they buy.

Adapting to a Changing Threat Landscape

The ever-evolving threat landscape requires vigilance and adaptation. What may have been adequate a decade ago is no longer sufficient today. As threats in the software supply chain grow, organizations like SolarWinds are committed to transparency and leveraging advanced tools to enhance their security posture.

The partnership with Reversing Labs is integral in navigating these challenges, as transparency is increasingly expected from vendors in the industry.


Keywords

Software supply chain, SolarWinds, Tim Brown, cybersecurity, Reversing Labs, security operations, compliance management, Secure Software Development Framework, Enduring Security Framework, Software Bill of Materials (SBOM), third-party risk management, malware, transparency.


FAQ

1. What is the primary challenge in the software supply chain?
The main challenge is understanding the components and their interactions within the software, including assessing the trustworthiness of each component.

2. Who is Tim Brown, and what is his role at SolarWinds?
Tim Brown is the Chief Security Officer (CSO) at SolarWinds, with over 30 years of experience in cybersecurity, focusing on protecting the company’s assets and ensuring product security.

3. How does SolarWinds ensure product security?
SolarWinds employs a multi-faceted security approach that includes security operations, compliance management, and collaboration with product and security architects.

4. What role does Reversing Labs play in SolarWinds' security strategy?
Reversing Labs performs static code analysis, checks for malware, and helps generate the Software Bill of Materials (SBOM) required by customers.

5. Why is an SBOM important for SolarWinds?
An SBOM provides essential insights into the components of their products, fulfilling customer requirements and aiding compliance with regulatory pressure.

6. How does SolarWinds approach third-party risk management?
SolarWinds utilizes Reversing Labs to perform thorough evaluations of potential software purchases, ensuring both security and compliance.