SolarWinds, a leading provider of simple, powerful, and secure IT management software, unveils
its new Next-Generation Build System, a transformational model for
software development. The new software build process is a key component
of the company's
Secure by Design initiative to make SolarWinds a model for enterprise software security.

The software development and build process improvements were made in an
accelerated timeline over the past year in response to the highly
sophisticated SUNBURST cyberattack, which targeted SolarWinds and other
technology companies. The Next-Generation Build System includes both new
software development practices and technology to strengthen the
integrity of the build environment. This consists of the
first-of-its-kind "parallel build" process, where the development of
SolarWinds® software takes place through multiple highly secure duplicate paths to establish a basis for integrity checks.

Because the software build process at SolarWinds used at the time of the
SUNBURST attack is common throughout the technology industry,
SolarWinds is releasing components of the new build system as
open-source software, enabling other organizations to benefit from the
company's learnings and help establish a new industry standard for
secure software development.

"Communicating transparently and collaborating within the industry is
the only way to effectively protect our shared cyber infrastructure from
evolving threats," said Sudhakar Ramakrishna, president and CEO,
SolarWinds. "Our Secure by Design initiative is intended to set a new
standard in software supply chain security via innovations in build
systems and build processes. We believe our customers, peers, and the
broader industry can also benefit from our practices."

SolarWinds aligned the Next-Generation Build System with four key tenets of Secure by Design principles:
- Dynamic operations: Building only short-term software build environments that self-destruct after completing a specific task.
- Systematic build products: Ensuring build products can be made deterministically so any newly created byproducts will always have identical, secure components.
- Simultaneous build process: Creating software development byproducts, such as data models, in parallel to establish a basis for detecting unexpected modifications to the products.
- Detailed records: Tracking every software build step for complete traceability and permanent proof of record.