The SolarWinds Secure by Design initiative establishes the company as a model for secure enterprise software development
Components of Next-Generation Build System to be released to open-source software initiatives
SolarWinds (NYSE:SWI), a leading provider of simple, powerful, and secure IT management software, unveils its new Next-Generation Build System, a transformational model for software development. The new software build process is a key component of the company’s Secure by Design initiative to make SolarWinds a model for enterprise software security.
The software development and build process improvements were made in an accelerated timeline over the past year in response to the highly sophisticated SUNBURST cyberattack, which targeted SolarWinds and other technology companies. The Next-Generation Build System includes both new software development practices and technology to strengthen the integrity of the build environment. This consists of the first-of-its-kind “parallel build” process, where the development of SolarWinds® software takes place through multiple highly secure duplicate paths to establish a basis for integrity checks.
Because the software build process at SolarWinds used at the time of the SUNBURST attack is common throughout the technology industry, SolarWinds is releasing components of the new build system as open-source software, enabling other organizations to benefit from the company’s learnings and help establish a new industry standard for secure software development.
“Communicating transparently and collaborating within the industry is the only way to effectively protect our shared cyber infrastructure from evolving threats,” said Sudhakar Ramakrishna, president and CEO, SolarWinds. “Our Secure by Design initiative is intended to set a new standard in software supply chain security via innovations in build systems and build processes. We believe our customers, peers, and the broader industry can also benefit from our practices.”
SolarWinds aligned the Next-Generation Build System with four key tenets of Secure by Design principles:
- Dynamic operations: Building only short-term software build environments that self-destruct after completing a specific task.
- Systematic build products: Ensuring build products can be made deterministically so any newly created byproducts will always have identical, secure components.
- Simultaneous build process: Creating software development byproducts, such as data models, in parallel to establish a basis for detecting unexpected modifications to the products.
- Detailed records: Tracking every software build step for complete traceability and permanent proof of record.
- SolarWinds Next-Generation Build System whitepaper
- Orange Matter™ Blog: SolarWinds Aims to Set New Standard in Software Development With Next-Generation Build System
- Secure by Design Resources
Connect with SolarWinds
SolarWinds (NYSE:SWI) is a leading provider of simple, powerful, and secure IT management software built to enable customers to accelerate their digital transformation. Our solutions provide organizations worldwide—regardless of type, size, or complexity—with a comprehensive and unified view of today’s modern, distributed, and hybrid network environments. We continuously engage with technology professionals—IT service and operations professionals, DevOps and SecOps professionals, and database administrators (DBAs)—to understand the challenges they face in maintaining high-performing and highly available IT infrastructures, applications, and environments. The insights we gain from them, in places like our THWACK community, allow us to address customers’ needs now, and in the future. Our focus on the user and our commitment to excellence in end-to-end hybrid IT management have established SolarWinds as a worldwide leader in solutions for observability, IT service management, application performance, and database management. Learn more today at www.solarwinds.com.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks of) their respective companies.
© 2022 SolarWinds Worldwide, LLC. All rights reserved.