In the article I’m about to link, SolarWinds says that the suit is baseless and that they have been as secure as possible. But the issue here is not whether you’re as secure as you can be, but the fact that the product was used in a full-on attack through what we in the industry know as the updater mechanism.
If I push updates out to my software, everyone whose software checks for updates is expected to get a clean update with bug fixes, new features, and cleanup of menus and code behind the scenes, if that’s what I want to do.
Yet the issue was that someone put bad updates through the SolarWinds updater, and those who got updated to the bad version were now running a bad piece of software, and the company knew nothing.
SolarWinds was a huge story, and we have tons of coverage of how bad it was. I’ve never used the software, but you can read all the coverage and decide whether the suit is warranted.
The SEC is alleging that the Austin-based software company and former CISO Timothy Brown defrauded investors from “at least” October 2018 to Jan 12, 2021 by not disclosing gaps in their security practices, the agency’s latest attempt to force publicly traded companies to improve their security practices.
The suit says that Brown knew about the lackluster security at the company and ignored it.
Grewal continued to say that both SolarWinds and Brown knowingly “engaged in a campaign to paint a false picture” of their “cyber controls environment, thereby depriving investors of accurate material information.” Grewal said the suit sends a message to issuers to “implement strong controls calibrated to your risk environments and level with investors about known concerns.”
Finally, the complaint points out that even if the Russian espionage campaign never happened, SolarWinds “would have violated the federal securities laws” either way, “but those violations became painfully clear when SolarWinds experienced precisely such an attack.”
There’s much more. Read the full article, “SEC sues SolarWinds and CISO for fraud,” from Cyberscoop for the complete details and form your own opinion.