SolarWinds creates new software build system in wake of Sunburst attack

Lessons learned from software supply chain breach lead to innovative and secure development scheme.

SolarWinds became the poster child for attacks on software supply chains last year when a group of threat actors injected malicious code known as Sunburst into the vendor's software development system.

The code was subsequently distributed through an upgrade to its Orion product to thousands of government and enterprise customers worldwide.

SolarWinds learned from the experience and has introduced new software development practices and technology to strengthen the integrity of its build environment. These include what SolarWinds says is a first-of-its-kind “parallel build” process, in which software development takes place through multiple highly secure duplicate paths to establish a basis for integrity checks.

"If a build system lacks integrity checks to ensure that compiled binaries match the intended source code used to create them, then this approach is a marked improvement," says Daniel Kennedy, research director for information security and networking at 451 Research. 

"The new system was developed using an accelerated timeline so there is no guarantee that the system will be fully secure at the onset, but it appears that the new system also allows for faster and more dynamic actions, if new threats emerge. The new system also has more transparency in its design, allowing for faster and more reliable improvement, maintenance, and development."

"The whole CI/CD pipeline approach to AppDev is not only linear, but relies essentially on a single line, so the introduction of parallel lines, perhaps with one team checking the other’s work, does sound like an approach to achieve more of a secure-by-design environment," adds Rik Turner, a senior principal analyst for cybersecurity at Omdia, a technology advisory firm.

New development processes might have prevented attack

"If the new build scheme had been in place back in March 2020, it is likely that the attack could have been either prevented or addressed more quickly," says Shital Thekdi, an associate professor of analytics and operations at the University of Richmond.

"The new build scheme would have greatly reduced the chances of hackers having the ability to tamper with the build system without being observed," adds Ken Arora, distinguished engineer in the Office of the CTO at F5, a provider of application security and industry tools. "Even if the attackers had some success, the compromise would have been short lived due to the dynamic operation strategy and self-destructive approach."

Collaboration key to protect shared infrastructure

SolarWinds' new build system is constructed around four secure-by-design principles. Firstly, operations are dynamic and use short-term software build environments that self-destruct after completing a specific task. Secondly, products are built systematically, ensuring build products can be made deterministically so any newly created byproducts will always have identical, secure components.

Thirdly, processes contain simultaneous builds so software development byproducts, such as data models, can be created in parallel to establish a basis for detecting unexpected modifications to the products. And finally, detailed records are maintained so every software build step is tracked for complete traceability and permanent proof of record.
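
The deterministic-build, parallel-build and record-keeping principles above can be illustrated as a release gate. The following Python example is added here and is not SolarWinds' code: it compares the digests produced by two independent build paths and writes each comparison to a hash-chained log. The function names, artifact names and sample build outputs are constructed assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for the record chain

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def manifest(artifacts: dict) -> dict:
    """Artifact name -> SHA-256 digest for one build path's outputs."""
    return {name: digest(blob) for name, blob in sorted(artifacts.items())}

def compare(a: dict, b: dict) -> dict:
    """List artifacts whose digests differ or that only one path produced."""
    return {
        "mismatch": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
        "only_a": sorted(a.keys() - b.keys()),
        "only_b": sorted(b.keys() - a.keys()),
    }

def _seal(step: str, payload: dict, prev: str) -> str:
    body = json.dumps({"step": step, "payload": payload, "prev": prev}, sort_keys=True)
    return digest(body.encode())

def append_record(log: list, step: str, payload: dict) -> None:
    """Each record commits to the previous record's hash, so edits are detectable."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"step": step, "payload": payload, "prev": prev,
                "hash": _seal(step, payload, prev)})

def verify_log(log: list) -> bool:
    prev = GENESIS
    for rec in log:
        if rec["prev"] != prev or rec["hash"] != _seal(rec["step"], rec["payload"], prev):
            return False
        prev = rec["hash"]
    return True

def release_gate(build_a: dict, build_b: dict, log: list) -> bool:
    """Release only if both build paths produced byte-identical artifacts."""
    ma, mb = manifest(build_a), manifest(build_b)
    diff = compare(ma, mb)
    ok = not any(diff.values())
    append_record(log, "compare", {"a": ma, "b": mb, "diff": diff, "release": ok})
    return ok

# Constructed sample outputs from two build paths (not real artifacts).
PATH_A = {"app.dll": b"compiled-from-reviewed-source", "app.cfg": b"mode=prod"}
PATH_B_MODIFIED = {"app.dll": b"compiled-from-reviewed-source+unexpected", "app.cfg": b"mode=prod"}
```

The comparison is only meaningful when builds are deterministic: if identical source can yield different bytes, every release would be flagged as a mismatch.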

Since the software build process SolarWinds used at the time of the Sunburst attack is commonly used by the industry, the company is making some components of its new build system available to the public as open source software. 

According to SolarWinds CEO and president Sudhakar Ramakrishna, "communicating transparently and collaborating within the industry is the only way to effectively protect our shared cyber infrastructure from evolving threats."
