cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Our Commitment to Cooperation

Community Manager

The sophistication and technological attributes of the recent SUNBURST supply chain attack against SolarWinds is of great concern to us and to our customers, and we hope to the entire technology industry. The very nature of this attack has led experts to conclude a foreign government was likely responsible. SolarWinds customers in both the private and public sectors also were victims of this SUNBURST attack, and there have been media reports that other software companies may have been targeted as well. We are currently the most visible victim of this attack, but we are likely not alone.

In response to this attack, we are supporting our customers, hardening our products and systems, working with industry-leading third-party cybersecurity experts, and collaborating with our partners, vendors, law enforcement, and intelligence agencies around the world.

All of us in the technology industry face this threat. As stated in the Cyberspace Solarium Commission Executive Report from March 2020, “The United States now operates in a cyber landscape that requires a level of data security, resilience, and trustworthiness that neither the U.S. government nor the private sector alone is currently equipped to provide.”

As the severity, complexity, and scale of these hacks become more apparent, companies that have been targeted or could be future targets need to join together for an industry-wide approach in partnership with government, not only to assess what happened here, but to help better prepare the industry for the future.

We believe the extraordinary nature of this attack demonstrates a need within the industry for a formal set of procedures and a commitment to knowledge-sharing about potential cybersecurity threats in real time and aligned with the principles of responsible disclosure.

We must break down the silos that have traditionally prevented the prompt and proactive exchange of intelligence about potential and urgent threats. Our industry must also look to our partners in government for their considerable expertise and broad resources in addressing the cybersecurity threat faced by U.S.-based firms and government agencies.

SolarWinds supports the urgent effort to adopt industry-wide standards of collaboration across a diverse set of organizations. We believe that by working together, in close coordination with the federal government, the technology industry will be able to more effectively defend our companies, our customers, and our national infrastructure against brazen, significant, and sophisticated attacks.

We only empower our adversaries when we blindfold each other. SolarWinds is committed to protecting the interests of our customers and will continue to collaborate with private enterprises and government authorities to seek to make the world a safer place.

2 Comments
Level 9

We must break down the silos that have traditionally prevented the prompt and proactive exchange of intelligence about potential and urgent threats. Our industry must also look to our partners in government for their considerable expertise and broad resources in addressing the cybersecurity threat faced by U.S.-based firms and government agencies.

SolarWinds supports the urgent effort to adopt industry-wide standards of collaboration across a diverse set of organizations. We believe that by working together, in close coordination with the federal government, the technology industry will be able to more effectively defend our companies, our customers, and our national infrastructure against brazen, significant, and sophisticated attacks.


You mean what the Open Source community has been doing since day 1? Has SolarWinds considered that it's the proprietary nature of closed-source software that causes most of these problems to begin with? It's hard to infiltrate codebase that has thousands of public eyes reading, improving, and committing to it on a daily basis, and likewise it's impossible to hide information about breaches and threats when code disclosure is in the very nature of the development process.

Level 13

However, as Bruce Schneier has said for years: "Open Source DOES NOT equal Secure".

In his words: https://www.schneier.com/blog/archives/2020/12/open-source-does-not-equal-secure.html 

About the Author
SolarWinds (NYSE:SWI) is a leading provider of powerful and affordable IT management software. Our products give organizations worldwide—regardless of type, size, or complexity—the power to monitor and manage their IT services, infrastructures, and applications; whether on-premises, in the cloud, or via hybrid models. We continuously engage with technology professionals—IT service and operations professionals, DevOps professionals, and managed services providers (MSPs)—to understand the challenges they face in maintaining high-performing and highly available IT infrastructures and applications. The insights we gain from them, in places like our THWACK community, allow us to solve well-understood IT management challenges in the ways technology professionals want them solved. Our focus on the user and commitment to excellence in end-to-end hybrid IT management has established SolarWinds as a worldwide leader in solutions for network and IT service management, application performance, and managed services. Learn more today at www.solarwinds.com.