Monday, September 25, 2023

SolarWinds announces its Next-Generation Build System aligns with NIST Secure Software Development Framework

By ET Bureau - July 19, 2023 3 Mins Read

SolarWinds announces its Next-Generation Build System aligns with NIST Secure Software Development Framework

SolarWinds, a leading provider of simple, powerful, secure observability and IT management software, announces its Next-Generation Build System aligns with the National Institute of Standards and Technology (NIST®) Secure Software Development Framework (SSDF) and Software Supply Chain Security Guidance.

SolarWinds launched its Secure by Design initiative in 2021 in response to SUNBURST. This initiative is a multi-pronged strategic approach featuring proprietary technology, products, and processes designed to further strengthen the company and industry at large. A key component of this initiative is the company’s Next-Generation Build System, which leverages a unique parallel build process where software is developed in multiple secure, duplicate, and ephemeral environments.

“The SSDF guidelines will be an important step in strengthening our nation’s overall cybersecurity posture,” said SolarWinds Chief Information Security Officer and VP, Security, Tim Brown. “At SolarWinds, we’ve implemented our Secure by Design initiative with the goal of becoming a leader in enterprise software security. This has included aligning our software development processes with NIST’s Secure Software Development Framework and CISA’s Enduring Security Framework as outlined by the National Cybersecurity Strategy.”

The SolarWinds Next-Generation Build System consistently meets or exceeds the proposed standards of the NIST Secure Software Development Framework by:

Conducting software builds in parallel by utilizing three isolated and distinct build environments, where each build step is signed and verified before going through a secure validation environment built to perform a variety of scans and security checks to validate the product before release.

Advancing beyond zero trust by adopting and implementing an assume breach position to eliminate implicit trust in applications and services.

Utilizing ephemeral operations in the software development process to eliminate dependencies and remove the opportunity for malicious threat actors to establish a “home base” in systems.

Deploying automated tools designed to run on a recurring basis to scan for vulnerabilities throughout the development process, including through open-source software vulnerability checks, static code analysis, and dynamic application security testing.

Also Read: The Ethical Implications of Artificial Intelligence

Generating a software bill of materials (SBOMs), which provides a comprehensive picture of all the components, libraries, tools, and processes used in the build process.

Following responsible disclosure protocols for verified and validated vulnerabilities.

President Biden signed Executive Order 14028 in May 2021 with the aim of implementing stronger cybersecurity standards in the Federal Government and improving the software supply chain. The Executive Order directed NIST to develop, update, and implement zero-trust architecture and framework guidance to enhance the security of the software supply chain while also directing the Office of Management and Budget (OMB) to order adherence to NIST guidelines.

Check Out The New Enterprisetalk Podcast. For more such updates follow us on Google News Enterprisetalk News.



ET Bureau

The platform covers e entire enterprise technology space- including emerging technologies like RPA, AI, cloud, automation, and the entire gamut of digital transformation tools, strategies and management decisions.

Subscribe To Newsletter

*By clicking on the Submit button, you are agreeing with the Privacy Policy with Enterprise Talks.*