SolarWinds Announces Its Next-Generation Build System Aligns with NIST Secure Software Development Framework
July 18 2023 - 7:00AM
Business Wire
SolarWinds Next-Generation Build System meets or exceeds NIST
guidance for secure software development as directed by Executive
Order 14028
SolarWinds (NYSE:SWI), a leading provider of simple, powerful,
secure observability and IT management software, announces its
Next-Generation Build System aligns with the National Institute of
Standards and Technology (NIST®) Secure Software Development
Framework (SSDF) and Software Supply Chain Security Guidance.
SolarWinds launched its Secure by Design initiative in 2021 in
response to SUNBURST. This initiative is a multi-pronged strategic
approach featuring proprietary technology, products, and processes
designed to further strengthen the company and industry at large. A
key component of this initiative is the company’s Next-Generation
Build System, which leverages a unique parallel build process where
software is developed in multiple secure, duplicate, and ephemeral
environments.
“The SSDF guidelines will be an important step in strengthening
our nation’s overall cybersecurity posture,” said SolarWinds Chief
Information Security Officer and VP, Security, Tim Brown. “At
SolarWinds, we’ve implemented our Secure by Design initiative with
the goal of becoming a leader in enterprise software security. This
has included aligning our software development processes with
NIST’s Secure Software Development Framework and CISA’s Enduring
Security Framework as outlined by the National Cybersecurity
Strategy.”
The SolarWinds Next-Generation Build System consistently meets
or exceeds the proposed standards of the NIST Secure Software
Development Framework by:
- Conducting software builds in parallel by utilizing three
isolated and distinct build environments, where each build step is
signed and verified before going through a secure validation
environment built to perform a variety of scans and security checks
to validate the product before release
- Advancing beyond zero trust by adopting and implementing an
assume breach position to eliminate implicit trust in applications
and services
- Utilizing ephemeral operations in the software development
process to eliminate dependencies and remove the opportunity for
malicious threat actors to establish a “home base” in systems
- Deploying automated tools designed to run on a recurring basis
to scan for vulnerabilities throughout the development process,
including through open-source software vulnerability checks, static
code analysis, and dynamic application security testing
- Generating a software bill of materials (SBOM), which provides
a comprehensive picture of all the components, libraries, tools,
and processes used in the build process
- Following responsible disclosure protocols for verified and
validated vulnerabilities
President Biden signed Executive Order 14028 in May 2021 with
the aim of implementing stronger cybersecurity standards in the
Federal Government and improving the software supply chain. The
Executive Order directed NIST to develop, update, and implement
zero-trust architecture and framework guidance to enhance the
security of the software supply chain while also directing the
Office of Management and Budget (OMB) to order adherence to NIST
guidelines.
Additional Resources
- Executive Order on Improving the Nation’s Cybersecurity (EO
14028)
- Secure Software Development Framework Version 1.1 (SSDF)
- Enduring Security Framework (ESF)
- Enhancing the Security of the Software Supply Chain through
Secure Software Development Practices (M-22-18)
- The SolarWinds Approach to Secure Software Development
- Next-Generation Build System Whitepaper
- Secure by Design Resource Center
About SolarWinds
SolarWinds (NYSE:SWI) is a leading provider of simple, powerful,
secure observability and IT management software built to enable
customers to accelerate their digital transformation. Our solutions
provide organizations worldwide—regardless of type, size, or
complexity—with a comprehensive and unified view of today’s modern,
distributed, and hybrid network environments. We continuously
engage with IT service and operations professionals, DevOps and
SecOps professionals, and database administrators (DBAs) to
understand the challenges they face in maintaining high-performing
and highly available hybrid IT infrastructures, applications, and
environments. The insights we gain from them, in places like our
THWACK community, allow us to address customers’ needs now and in
the future. Our focus on the user and our commitment to excellence
in end-to-end hybrid IT management have established SolarWinds as a
worldwide leader in solutions for observability, IT service
management, application performance, and database management. Learn
more today at www.solarwinds.com.
The SolarWinds, SolarWinds & Design, Orion, and THWACK
trademarks are the exclusive property of SolarWinds Worldwide, LLC
or its affiliates, are registered with the U.S. Patent and
Trademark Office, and may be registered or pending registration in
other countries. All other SolarWinds trademarks, service marks,
and logos may be common law marks or are registered or pending
registration. All other trademarks mentioned herein are used for
identification purposes only and are trademarks of (and may be
registered trademarks of) their respective companies.
© 2023 SolarWinds Worldwide, LLC. All rights reserved.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230718501098/en/
Media Contacts
John Eddy, Goldin Solutions, Phone: +1-646-660-8648, solarwinds@goldinsolutions.com
Jenne Barbour, SolarWinds, Phone: +1-512-498-6804, pr@solarwinds.com
Investor Contacts
Tim Karaca, SolarWinds, ir@solarwinds.com