Safeguard
Tag

solarwinds

Safeguard articles tagged "solarwinds" — guides, analysis, and best practices for software supply chain and application security.

11 articles

Security Guides

OWASP A08: Software and Data Integrity Failures — A Deep-Dive Guide

Software and Data Integrity Failures rank #8 in the OWASP Top 10 (2021). A deep dive into insecure deserialization, unsigned updates, SolarWinds, and real CVEs.

Jul 6, 20267 min read
Threat Research

Lessons from SolarWinds: When the Build Pipeline Becomes the Attack Surface

The SUNBURST backdoor reached roughly 18,000 organizations through a trojanized SolarWinds Orion update. Here is what actually happened, and the defenses that hold up years later.

Jul 1, 20266 min read
Threat Research

What Is a Software Supply Chain Attack? Explained

A software supply chain attack compromises the code, tools, or pipeline your software depends on — not the product itself. Here is how it works and how to defend.

Jul 1, 20267 min read
Vulnerability Analysis

The SolarWinds Supply Chain Attack Explained

How Russian intelligence hijacked SolarWinds' build system to backdoor Orion updates for 18,000 customers, and what security teams must do now.

Feb 11, 20267 min read
Supply Chain Attacks

SolarWinds Sunburst: Five Years of Lessons in 2026

Half a decade after Sunburst, the build system compromise still defines how we think about software supply chain risk. A look at what stuck and what did not.

Jan 9, 20265 min read
Incident Analysis

SolarWinds Web Help Desk CVE-2024-28987: Hardcoded Credential in Federal Networks

SolarWinds shipped a hardcoded helpdeskIntegrationUser credential in Web Help Desk that CISA added to KEV on October 15, 2024 after federal agency intrusions.

Feb 12, 20255 min read
Industry Analysis

SolarWinds Post-Incident Governance Changes Reviewed

Four years after SUNBURST, SolarWinds has rebuilt its SDLC around signed pipelines, parallel builds, and a new CSO office. How much of it is real?

Aug 14, 20245 min read
Case Studies

Lessons from SolarWinds: Two Years Later

Two years after the SolarWinds breach reshaped cybersecurity, we examine what the industry actually learned and what organizations still get wrong about supply chain security.

Dec 13, 20226 min read
Industry Analysis

SolarWinds Lessons Two Years On: What Actually Changed

Two years after the SolarWinds SUNBURST compromise, the industry has new frameworks and new vocabulary — but has the build pipeline actually gotten harder to attack?

Feb 18, 20226 min read
Supply Chain Attacks

SolarWinds SUNBURST: Lessons for Supply Chain Security

The SolarWinds attack compromised 18,000 organizations through a single tampered update. Six months later, here's what the industry should have learned.

May 15, 20215 min read
Incident Analysis

SunBurst: A Supply Chain Attack Evolution Study

The SolarWinds SunBurst campaign rewrote the supply chain threat model. Five years of research reveal what changed and what defenders still miss.

Dec 18, 20206 min read
solarwinds — Safeguard Blog