solarwinds
Safeguard articles tagged "solarwinds" — guides, analysis, and best practices for software supply chain and application security.
11 articles
OWASP A08: Software and Data Integrity Failures — A Deep-Dive Guide
Software and Data Integrity Failures rank #8 in the OWASP Top 10 (2021). A deep dive into insecure deserialization, unsigned updates, SolarWinds, and real CVEs.
Lessons from SolarWinds: When the Build Pipeline Becomes the Attack Surface
The SUNBURST backdoor reached roughly 18,000 organizations through a trojanized SolarWinds Orion update. Here is what actually happened, and the defenses that hold up years later.
What Is a Software Supply Chain Attack? Explained
A software supply chain attack compromises the code, tools, or pipeline your software depends on — not the product itself. Here is how it works and how to defend.
The SolarWinds Supply Chain Attack Explained
How Russian intelligence hijacked SolarWinds' build system to backdoor Orion updates for 18,000 customers, and what security teams must do now.
SolarWinds Sunburst: Five Years of Lessons in 2026
Half a decade after Sunburst, the build system compromise still defines how we think about software supply chain risk. A look at what stuck and what did not.
SolarWinds Web Help Desk CVE-2024-28987: Hardcoded Credential in Federal Networks
SolarWinds shipped a hardcoded helpdeskIntegrationUser credential in Web Help Desk that CISA added to KEV on October 15, 2024 after federal agency intrusions.
SolarWinds Post-Incident Governance Changes Reviewed
Four years after SUNBURST, SolarWinds has rebuilt its SDLC around signed pipelines, parallel builds, and a new CSO office. How much of it is real?
Lessons from SolarWinds: Two Years Later
Two years after the SolarWinds breach reshaped cybersecurity, we examine what the industry actually learned and what organizations still get wrong about supply chain security.
SolarWinds Lessons Two Years On: What Actually Changed
Two years after the SolarWinds SUNBURST compromise, the industry has new frameworks and new vocabulary — but has the build pipeline actually gotten harder to attack?
SolarWinds SUNBURST: Lessons for Supply Chain Security
The SolarWinds attack compromised 18,000 organizations through a single tampered update. Six months later, here's what the industry should have learned.
SunBurst: A Supply Chain Attack Evolution Study
The SolarWinds SunBurst campaign rewrote the supply chain threat model. Five years of research reveal what changed and what defenders still miss.