SolarWinds Announces Its Next-Generation Build System Aligns with NIST Secure Software Development Framework

Rhea-AI Summary

SolarWinds announces that its Next-Generation Build System aligns with NIST's Secure Software Development Framework and Software Supply Chain Security Guidance. The system utilizes parallel build processes, adopts an assume breach position, and deploys automated tools to scan for vulnerabilities. It also generates a software bill of materials and follows responsible disclosure protocols. This aligns with President Biden's Executive Order 14028 to enhance cybersecurity standards.

SolarWinds Next-Generation Build System meets or exceeds NIST guidance for secure software development as directed by Executive Order 14028

AUSTIN, Texas--(BUSINESS WIRE)-- SolarWinds (NYSE:SWI), a leading provider of simple, powerful, secure observability and IT management software, announces its Next-Generation Build System aligns with the National Institute of Standards and Technology (NIST^®) Secure Software Development Framework (SSDF) and Software Supply Chain Security Guidance.

SolarWinds launched its Secure by Design initiative in 2021 in response to SUNBURST. This initiative is a multi-pronged strategic approach featuring proprietary technology, products, and processes designed to further strengthen the company and industry at large. A key component of this initiative is the company’s Next-Generation Build System, which leverages a unique parallel build process where software is developed in multiple secure, duplicate, and ephemeral environments.

"The SSDF guidelines will be an important step in strengthening our nation's overall cybersecurity posture,” said SolarWinds Chief Information Security Officer and VP, Security, Tim Brown. “At SolarWinds, we've implemented our Secure by Design initiative with the goal of becoming a leader in enterprise software security. This has included aligning our software development processes with NIST’s Secure Software Development Framework and CISA’s Enduring Security Framework as outlined by the National Cybersecurity Strategy."

The SolarWinds Next-Generation Build System consistently meets or exceeds the proposed standards of the NIST Secure Software Development Framework by:

• Conducting software builds in parallel by utilizing three isolated and distinct build environments, where each build step is signed and verified before going through a secure validation environment built to perform a variety of scans and security checks to validate the product before release
• Advancing beyond zero trust by adopting and implementing an assume breach position to eliminate implicit trust in applications and services
• Utilizing ephemeral operations in the software development process to eliminate dependencies and remove the opportunity for malicious threat actors to establish a “home base” in systems
• Deploying automated tools designed to run on a recurring basis to scan for vulnerabilities throughout the development process, including through open-source software vulnerability checks, static code analysis, and dynamic application security testing
• Generating a software bill of materials (SBOMs), which provides a comprehensive picture of all the components, libraries, tools, and processes used in the build process
• Following responsible disclosure protocols for verified and validated vulnerabilities

President Biden signed Executive Order 14028 in May 2021 with the aim of implementing stronger cybersecurity standards in the Federal Government and improving the software supply chain. The Executive Order directed NIST to develop, update, and implement zero-trust architecture and framework guidance to enhance the security of the software supply chain while also directing the Office of Management and Budget (OMB) to order adherence to NIST guidelines.

Additional Resources

1. Executive Order on Improving the Nation’s Cybersecurity (EO 14028)
2. Secure Software Development Framework Version 1.1 (SSDF)
3. Enduring Security Framework (ESF)
4. Enhancing the Security of the Software Supply Chain through Secure Software Development Practices (M-22-18)
5. The SolarWinds Approach to Secure Software Development
6. Next-Generation Build System Whitepaper
7. Secure by Design Resource Center

Connect with SolarWinds

• THWACK^®
• Twitter^®
• Facebook^®
• LinkedIn^®

#SWI

#SWIcorporate

#SWIproducts

About SolarWinds

SolarWinds (NYSE:SWI) is a leading provider of simple, powerful, secure observability and IT management software built to enable customers to accelerate their digital transformation. Our solutions provide organizations worldwide—regardless of type, size, or complexity—with a comprehensive and unified view of today’s modern, distributed, and hybrid network environments. We continuously engage with IT service and operations professionals, DevOps and SecOps professionals, and database administrators (DBAs) to understand the challenges they face in maintaining high-performing and highly available hybrid IT infrastructures, applications, and environments. The insights we gain from them, in places like our THWACK community, allow us to address customers’ needs now and in the future. Our focus on the user and our commitment to excellence in end-to-end hybrid IT management have established SolarWinds as a worldwide leader in solutions for observability, IT service management, application performance, and database management. Learn more today at www.solarwinds.com.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks of) their respective companies.

© 2023 SolarWinds Worldwide, LLC. All rights reserved.

View source version on businesswire.com: https://www.businesswire.com/news/home/20230718501098/en/

Media Contacts

John Eddy

Goldin Solutions

Phone: +1-646-660-8648

solarwinds@goldinsolutions.com

Jenne Barbour

SolarWinds

Phone: +1-512-498-6804

pr@solarwinds.com

Investor Contacts

Tim Karaca

SolarWinds

ir@solarwinds.com

Source: SolarWinds Worldwide, LLC.

FAQ

What is SolarWinds announcing?

SolarWinds is announcing that its Next-Generation Build System aligns with NIST's Secure Software Development Framework and Software Supply Chain Security Guidance.

What is SolarWinds' Secure by Design initiative?

Secure by Design is SolarWinds' strategic approach to strengthen the company and industry at large. It includes proprietary technology, products, and processes to enhance software security.

What is the Next-Generation Build System?

The Next-Generation Build System is a key component of SolarWinds' Secure by Design initiative. It utilizes parallel build processes, assumes a breach position, and deploys automated tools for vulnerability scanning.

What are the key features of the Next-Generation Build System?

The key features include parallel software builds in isolated environments, adopting an assume breach position, using ephemeral operations, deploying automated vulnerability scanning tools, generating a software bill of materials, and following responsible disclosure protocols.

What is Executive Order 14028?

Executive Order 14028 is a directive signed by President Biden to implement stronger cybersecurity standards in the Federal Government and improve the software supply chain.

How does SolarWinds align with Executive Order 14028?

SolarWinds' Next-Generation Build System aligns with the directive by meeting or exceeding the proposed standards of NIST's Secure Software Development Framework.