This post’s topic is a bit of a deviation from our normal posts on the Orion product blog; however, we felt this one warranted a little extra attention. Any software product is going to have some degree of exposure to vulnerabilities, and there are plenty of smart guys out there who have made it their mission to find and expose those vulnerabilities. Well, this happened last week with the SolarWinds TFTP server. The short version is that we were made aware of a TFTP Server vulnerability via Twitter, we worked closely with the individual who discovered the vulnerability and immediately patched a fix, and all of this occurred within the span of a few short days. You can read the full story here on the Head Geek blog.
As an Orion customer, why should you care? First, many of you use our TFTP server, whether it’s the free version or the version we ship with the Engineer’s Toolset. If you’re using either of these, you can grab the latest versions which will have the fix. The second reason you should care is because our swift action was possible because of our commitment to engaging with and responding to the larger SolarWinds community: that’s you. We pride ourselves on our transparency, we’re not bashful about our flaws, and this was a great example of how that transparency and our relationship with the community helped us resolve a nasty issue very quickly.