SolarWinds Becomes First Software Provider to Align With New CISA Secure Software Development Guidance

Rhea-AI Summary

SolarWinds leads the industry by aligning with OMB, NIST, and SSDF frameworks for secure software development. The company submitted its Secure Software Development self-attestation in line with CISA and OMB requirements, becoming the first to do so. This move supports the DHS strategy to strengthen the software supply chain and enhance cybersecurity practices. SolarWinds' commitment to secure software practices is evident through its alignment with NIST SSDF guidelines and OMB's directive. The company emphasizes transparency and proactive cybersecurity measures to safeguard digital infrastructure.

Insights

Cybersecurity Expert

SolarWinds' alignment with the OMB, NIST and SSDF frameworks represents a proactive stance in an industry where security is paramount. This move can enhance their reputation among government and enterprise clients who prioritize cybersecurity. By being the first to submit a self-attestation, SolarWinds may set a competitive standard, potentially influencing the market's perception of its commitment to security. However, the actual impact on their business will depend on the market's response to this alignment and whether it translates into increased sales or improved customer retention.

Investors should observe if this leads to new contracts with government agencies or if it helps in mitigating the impact of any future security breaches. Long-term benefits could include a stronger brand and customer loyalty, while drawbacks might involve the costs associated with maintaining such high standards of security compliance.

IT Management Analyst

The submission of a Secure Software Development self-attestation by SolarWinds and its alignment with federal guidelines is a strategic move in the IT management space. It underscores the company's dedication to secure software practices, which is a growing concern for IT administrators and CIOs. The detailed Software Bill of Materials (SBOM) that SolarWinds commits to providing can be a significant differentiator, offering transparency into the components and interdependencies of their software solutions.

From an operational standpoint, the company's ability to demonstrate compliance with these security frameworks may streamline procurement processes for government contracts and enhance trust among private sector clients. This could potentially lead to an expansion of their market share and create a more resilient revenue stream. However, the costs associated with continuous compliance and development in line with these frameworks could affect profit margins.

Government Affairs Analyst

The emphasis SolarWinds places on public-private partnerships and its proactive approach to cybersecurity measures aligns with a broader government initiative to secure the nation's digital infrastructure. This alignment may facilitate SolarWinds' interactions with government agencies and could serve as a catalyst for policy development in cybersecurity. The company's participation in panel events and discussions with policymakers showcases its role as a thought leader in the space.

Investors should monitor how SolarWinds leverages these relationships to influence cybersecurity practices and potentially gain preferential access to government contracts. The company's proactive approach and involvement in policy discussions may lead to early adoption of emerging security standards, providing a competitive edge. However, the company must navigate the complexities of government relations and policy advocacy without overextending its resources or compromising its business objectives.

SolarWinds leads industry in attesting to alignment with OMB, NIST, SSDF frameworks for secure software development

AUSTIN, Texas--(BUSINESS WIRE)-- SolarWinds (NYSE:SWI), a leading provider of simple, powerful, secure observability and IT management software, today announced it has submitted its Secure Software Development self-attestation in alignment with Cybersecurity and Infrastructure Security Agency (CISA) and Office of Management and Budget (OMB) requirements. In submitting its form to the Repository for Software Attestation and Artifacts (RSAA), SolarWinds is the first software provider to publish CISA self-attestation in alignment with U.S. government requirements of all software providers.

Endorsed by the White House and released by CISA this month, the Secure Software Development Attestation Form is part of a comprehensive Department of Homeland Security (DHS) strategy to fortify the software supply chain, promote transparent information-sharing between the public and private sectors, and encourage a proactive community approach to cyber threats to safeguard the nation's digital infrastructure.

SolarWinds has taken a significant step in promoting secure software practices by submitting this attestation that its products are designed with security as a foundational element, in line with not only NIST Secure Software Development Framework (SSDF) guidelines but the framework provided by the Office of Management and Budget's directive (M-22-18). Furthermore, submitting this attestation further underscores SolarWinds' capability to provide a clear and digitally accessible Software Bill of Materials (SBOM) with detailed insights across all of a digital ecosystem's components and interdependencies.

"In a landscape where cybersecurity threats are ever-evolving, public-private partnerships remain absolutely paramount for creating a secure and resilient digital infrastructure for our nation,” said Chip Daniels, Vice President of Government Affairs at SolarWinds. “By working hand in hand, we can ensure that our cybersecurity measures are not just reactive but proactively designed to anticipate and mitigate threats. This collaboration across sectors is necessary to support CISA, create unified best practices for information-sharing between companies and government agencies, and develop shared threat intelligence for a more resilient and secure supply chain, nation—and future.”

SolarWinds submitted self-attestation for the following solutions:

• Hybrid Cloud Observability version 2024.1
• Hybrid Cloud Observability (formerly Orion) modules:
• Network Performance Monitor (NPM), NetFlow Traffic Analyzer (NTA), Network Configuration Manager (NCM), VoIP & Network Quality Manager (VNQM), IP Address Manager (IPAM), User Device Tracker (UDT), Virtualization Manager (VMAN), Log Analyzer, Server & Application Monitor (SAM), Server Configuration Monitor (SCM), Storage Resource Monitor (SRM), and Web Performance Monitor (WPM)
• SolarWinds Observability (as of March 5, 2024)
• IT Service Management (as of March 17, 2024)

"In order to pioneer secure software development, we understand that security is not just a feature but the very foundation upon which modern digital ecosystems must be built. At SolarWinds, we are committed to setting new standards in cybersecurity, embracing transparency, and fostering a culture of relentless innovation," said Tim Brown, Chief Information Security Officer and Vice President of Security at SolarWinds. "Our alignment with the latest CISA guidelines is a testament to our unwavering dedication to not only protect our global digital infrastructure but to lead by example. We believe in empowering our customers with solutions that are not just secure by design, but also resilient in the face of evolving threats."

SolarWinds recently hosted a panel event in Washington, D.C., featuring Congressman Raja Krishnamoorthi (D-IL), Christopher D. Roberti, Senior Vice President for Cyber, Space, and National Security Policy at the U.S. Chamber of Commerce, and SolarWinds President and CEO Sudhakar Ramakrishna. The discussion focused on the evolving nation-state threat actors who are increasingly targeting critical infrastructure and how to build the public-private partnerships needed to combat these threats. The event additionally included a briefing on the SolarWinds suite of secure solutions, designed via its Next-Generation Build System to help government entities streamline and upgrade IT services while meeting constituent needs.

For more information about the SolarWinds Secure by Design principles, visit https://www.solarwinds.com/secure-by-design-resources.

Additional Resources

• SolarWinds Trust Center
• SolarWinds Secure by Design Resource Center
• SolarWinds Day: Secure by Design Features Invigorating Conversations About Cybersecurity, July 18, 2023

Connect with SolarWinds

• THWACK^®
• Twitter^®
• Facebook^®
• LinkedIn^®

This press release contains “forward-looking” statements, which are subject to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including statements regarding our self-attestation form, including our ability to promote secure software practices and anticipate and mitigate cybersecurity threats. These forward-looking statements are based on management's beliefs and assumptions and on information currently available to management. Forward-looking statements include all statements that are not historical facts and may be identified by terms such as “aim,” “anticipate,” “believe,” “can,” “could,” “seek,” “should,” “feel,” “expect,” “will,” “would,” “plan,” “intend,” “estimate,” “continue,” or similar expressions and the negatives of those terms. Forward-looking statements involve known and unknown risks, uncertainties, and other factors that may cause actual results, performance, or achievements to be materially different from any future results, performance, or achievements expressed or implied by the forward-looking statements. Factors that could cause or contribute to such differences include but are not limited to, the risks and uncertainties described more fully in documents filed with or furnished to the Securities and Exchange Commission, including the risk factors discussed in our Annual Report on Form 10-K for the period ended December 31, 2023, filed on February 16, 2024. All information provided in this release is as of the date hereof, and SolarWinds undertakes no duty to update this information except as required by law.

#SWI
#SWIcorporate
#SWIsecurity

About SolarWinds

SolarWinds (NYSE:SWI) is a leading provider of simple, powerful, secure observability and IT management software built to enable customers to accelerate their digital transformation. Our solutions provide organizations worldwide—regardless of type, size, or complexity—with a comprehensive and unified view of today’s modern, distributed, and hybrid network environments. We continuously engage with IT service and operations professionals, DevOps and SecOps professionals, and database administrators (DBAs) to understand the challenges they face in maintaining high-performing and highly available hybrid IT infrastructures, applications, and environments. The insights we gain from them, in places like our THWACK community, allow us to address customers’ needs now and in the future. Our focus on the user and our commitment to excellence in end-to-end hybrid IT management have established SolarWinds as a worldwide leader in solutions for observability, IT service management, application performance, and database management. Learn more today at www.solarwinds.com.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks of) their respective companies.

© 2024 SolarWinds Worldwide, LLC. All rights reserved.

View source version on businesswire.com: https://www.businesswire.com/news/home/20240321224710/en/

Media Contacts

John Eddy

Goldin Solutions

Phone: +1-646-660-8648

solarwinds@goldinsolutions.com

Jenne Barbour

SolarWinds

Phone: +1-512-498-6804

pr@solarwinds.com

Investor Contacts

Tim Karaca

SolarWinds

ir@solarwinds.com

Source: SolarWinds Worldwide, LLC.

FAQ

What frameworks did SolarWinds align with for secure software development?

SolarWinds aligned with OMB, NIST, and SSDF frameworks for secure software development.

What did SolarWinds submit in alignment with CISA and OMB requirements?

SolarWinds submitted its Secure Software Development self-attestation in alignment with CISA and OMB requirements.

What is the significance of SolarWinds being the first software provider to publish CISA self-attestation?

SolarWinds being the first software provider to publish CISA self-attestation aligns with U.S. government requirements for all software providers.

What does SolarWinds' submission of the Secure Software Development Attestation Form signify?

SolarWinds' submission of the Secure Software Development Attestation Form supports the DHS strategy to fortify the software supply chain and enhance cybersecurity practices.

Who endorsed SolarWinds' submission of the Secure Software Development Attestation Form?

The submission was endorsed by the White House and released by CISA.