Page last updated on April 11, 2024
SolarWinds Corp initially disclosed a cybersecurity incident in an SEC 8-K filing on 2020-12-14 09:57:24 EST.
Incident Details
Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)
Compromised Date:
Detected Date: 2020-12-12
Disclosure Date: 2020-12-14
Contained Date:
Recovered Date:
Attack Goal: Unknown
Costs: No Costs Tracked (yet)
Filings
8-K filed on 2020-12-14
SolarWinds Corp filed an 8-K at 2020-12-14 09:57:24 EST
Accession Number: 0001628280-20-017451
Item 8.01 Other Events.
SolarWinds Corporation (“SolarWinds” or the “Company”) has been made aware of a cyberattack that inserted a vulnerability within its Orion monitoring products which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run. SolarWinds has been advised that this incident was likely the result of a highly sophisticated, targeted and manual supply chain attack by an outside nation state, but SolarWinds has not independently verified the identity of the attacker. SolarWinds has retained third-party cybersecurity experts to assist in an investigation of these matters, including whether a vulnerability in the Orion monitoring products was exploited as a point of any infiltration of any customer systems, and in the development of appropriate mitigation and remediation plans. SolarWinds is cooperating with the Federal Bureau of Investigation, the U.S. intelligence community, and other government agencies in investigations related to this incident.
Based on its investigation to date, SolarWinds has evidence that the vulnerability was inserted within the Orion products and existed in updates released between March and June 2020 (the “Relevant Period”), was introduced as a result of a compromise of the Orion software build system and was not present in the source code repository of the Orion products. SolarWinds has taken steps to remediate the compromise of the Orion software build system and is investigating what additional steps, if any, should be taken. SolarWinds is not currently aware that this vulnerability exists in any of its other products.
SolarWinds currently believes that:
- Orion products downloaded, implemented or updated during the Relevant Period contained the vulnerability;
- Orion products downloaded and implemented before the Relevant Period and not updated during the Relevant Period did not contain the vulnerability;
- Orion products downloaded and implemented after the Relevant Period did not contain the vulnerability; and
- Previously affected versions of the Orion products that were updated with a build released after the Relevant Period no longer contained the vulnerability; however, the server on which the affected Orion products ran may have been compromised during the period in which the vulnerability existed.
SolarWinds values the privacy and security of its over 300,000 customers and is working closely with customers of its Orion products to address this incident. On December 13, 2020, SolarWinds delivered a communication to approximately 33,000 Orion product customers that were active maintenance customers during and after the Relevant Period. SolarWinds currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000. The communication to these customers contained mitigation steps, including making available a hotfix update to address this vulnerability in part and additional measures that customers could take to help secure their environments. SolarWinds is also preparing a second hotfix update to further address the vulnerability, which SolarWinds currently expects to release on or prior to December 15, 2020. For the nine months ended September 30, 2020, total revenue from the Orion products across all customers, including those who may have had an installation of the Orion products that contained this vulnerability, was approximately $343 million, or approximately 45% of total revenue.
There has been significant media coverage of attacks on U.S. governmental agencies and other companies, with many of those reports attributing those attacks to a vulnerability in the Orion products. SolarWinds is still investigating whether, and to what extent, a vulnerability in the Orion products was successfully exploited in any of the reported attacks.
SolarWinds uses Microsoft Office 365 for its email and office productivity tools. SolarWinds was made aware of an attack vector that was used to compromise the Company’s emails and may have provided access to other data contained in the Company’s office productivity tools. SolarWinds, in collaboration with Microsoft, has taken remediation steps to address the compromise and is investigating whether further remediation steps are required, over what period of time this compromise existed and whether this compromise is associated with the attack on its Orion software build system. SolarWinds also is investigating in collaboration with Microsoft as to whether any customer, personnel or other data was exfiltrated as a result of this compromise but has uncovered no evidence at this time of any such exfiltration.
SolarWinds’ investigations into these matters are preliminary and on-going, and SolarWinds is still discerning the implications of these security incidents. During the course of these investigations, SolarWinds may become aware of new or different information. At this time, SolarWinds is unable to predict any potential financial, legal or reputational consequences to the Company resulting from this incident, including costs related thereto. So as not to compromise the integrity of any investigations, SolarWinds is unable to share additional information at this time.
8-K filed on 2020-12-17
SolarWinds Corp filed an 8-K at 2020-12-17 16:05:44 EST
Accession Number: 0001628280-20-017620
Item 7.01 Regulation FD Disclosure.
On December 14, 2020, SolarWinds Corporation (“SolarWinds” or the “Company”) filed a Current Report on Form 8-K disclosing that it had been made aware of a potential security incident with respect to its Orion monitoring products. On December 17, 2020, SolarWinds provided the following update on the security incident on its Orange Matter corporate blog, accessible at: https://orangematter.solarwinds.com:
On Saturday, December 12, our CEO was advised by an executive at FireEye of a security vulnerability in our Orion Software Platform which was the result of a very sophisticated cyberattack on SolarWinds. We soon discovered that we had been the victim of a malicious cyberattack that impacted our Orion Platform products as well as our internal systems. While security professionals and other experts have attributed the attack to an outside nation-state, we have not independently verified the identity of the attacker.
Immediately after this call, we mobilized our incident response team and quickly shifted significant internal resources to investigate and remediate the vulnerability. Know that each of our 3,200 team members is united in our efforts to meet this challenge. We remain focused on addressing the needs of our customers, our partners and the broader technology industry.
To accomplish that, we swiftly released hotfix updates to impacted customers that we believe will close the code vulnerability when implemented. These updates were made available to all customers we believe to have been impacted, regardless of their current maintenance status. We have reached out and spoken to thousands of customers and partners in the past few days, and we will continue to be in constant communication with our customers and partners to provide timely information, answer questions and assist with upgrades.
We are solely focused on our customers and the industry we serve. Our top priority has been to take all steps necessary to ensure that our and our customers’ environments are secure. We are taking extraordinary measures to accomplish this goal. We shared all of our proprietary code libraries that we believed to have been affected by SUNBURST to give security professionals the information they needed to do their research. We also have had numerous conversations with security professionals to further assist them in their research. We were very pleased and proud to hear that colleagues in the industry discovered a “killswitch” that will prevent the malicious code from being used to create a compromise.
Here are a few important things to know:
- This was a highly sophisticated cyberattack on our systems that inserted a vulnerability within our Orion(R) Platform products. This particular intrusion is so targeted and complex that experts are referring to it as the SUNBURST attack. The vulnerability has only been identified in updates to the Orion Platform products delivered between March and June 2020, but our investigations are still ongoing. Also, while we are still investigating our non-Orion products, to date we have not seen evidence that they are impacted by SUNBURST.
- The vulnerability was not evident in the Orion Platform products’ source code but appears to have been inserted during the Orion software build process.
- We swiftly released hotfix updates to impacted customers, regardless of their maintenance status, that we believe will close the vulnerability when implemented.
- After our release of Orion 2020.2.1 HF2 on Tuesday night, we believe the Orion Platform now meets the US Federal and state agencies’ requirements. We are providing direct support to these customers and will help them complete their upgrades quickly.
- We are continuing to take measures to ensure our internal systems are secure, including deploying the Falcon Endpoint Protection Platform across the endpoints on our systems.
- We have retained industry-leading third-party cybersecurity experts to assist us with this work and are actively collaborating with our partners, vendors, law enforcement and intelligence agencies around the world.
We are providing our customers, experts and others in the IT and security industries detailed information regarding the incident to aid with identifying indicators of compromise and steps they can take to further harden their systems against unauthorized incursion. These tools can be found on our Security Advisory page at www.solarwinds.com/securityadvisory which we are updating as we learn new information.
8-K filed on 2021-01-11
SolarWinds Corp filed an 8-K at 2021-01-11 17:40:15 EST
Accession Number: 0001739942-21-000015
Item 7.01 Regulation FD Disclosure.
On January 11, 2021, SolarWinds Corporation ("SolarWinds" or the “Company”) provided the following update on the recent security incident with respect to its Orion monitoring products on its Orange Matter blog, accessible at https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst:
New Findings from our Investigation of SUNBURST
Since the cyberattack on our customers and SolarWinds, we have been working around the clock to support our customers. As we shared in our recent update, we are partnering with multiple industry-leading cybersecurity experts to strengthen our systems, further enhance our product development processes and adapt the ways that we deliver powerful, affordable AND secure solutions to our customers.
We are working with our counsel, DLA Piper, CrowdStrike, KPMG and other industry experts to perform our root cause analysis of the attack. As part of that analysis, we are examining how the SUNBURST malicious code was inserted into our Orion Software Platform and once inserted, how the code operated and remained undetected.
Today we are providing an update on the investigation thus far and an important development that we believe brings us closer to understanding how this serious attack was carried out. We believe we have found a highly sophisticated and novel malicious code injection source that the perpetrators used to insert the Sunburst malicious code into builds of our Orion Software Platform.
We recognize that the software development and build process used by SolarWinds is common throughout the software industry, so we believe that sharing this information openly will help the industry guard against similar attacks in the future and create safer environments for customers.
The security of our customers and our commitment to transparency continue to guide our work in these areas and going forward.
Highly sophisticated and complex malware designed to circumvent threat detection
As we and industry experts have noted previously, the SUNBURST attack appears to be one of the most complex and sophisticated cyberattacks in history. The US government and many private-sector experts have stated the belief that a foreign nation-state conducted this intrusive operation as part of a widespread attack against America’s cyber infrastructure. To date, our investigations have not independently verified the identity of the perpetrators.
Analysis suggests that by managing the intrusion through multiple servers based in the United States and mimicking legitimate network traffic, the attackers were able to circumvent threat detection techniques employed by both SolarWinds, other private companies and the federal government. The SUNBURST malicious code itself appears to have been designed to provide the perpetrators a way to enter a customer’s IT environment. If exploited, the perpetrators then had to avoid firewalls and other security controls within the customer’s environment.
KPMG and CrowdStrike, working together with the SolarWinds team, have been able to locate the malicious code injection source. We have reverse-engineered the code responsible for the attack, enabling us to learn more about the tool that was developed and deployed into the build environment.
This highly sophisticated and novel code was designed to inject the SUNBURST malicious code into the SolarWinds Orion platform without arousing the suspicion of our software development and build teams. We encourage everyone to visit this blog post, authored by the CrowdStrike team, which provides additional details into these findings and other technical aspects of this attack and contains valuable information intended to help the industry better understand attacks of this nature.
As we discussed in our previous post, we hope that this event ushers in a new level of collaboration and information sharing within the technology industry to address and prevent similar attacks in the future. Our concern is that right now similar processes may exist in software development environments at other companies throughout the world. The severity and complexity of this attack has taught us that more effectively combatting similar attacks in the future will require an industry-wide approach as well as public-private partnerships that leverage the skills, insight, knowledge and resources of all constituents.
We want to be a part of that solution, which is why we are sharing this information with the broader community, and we will continue to share progress as we assimilate this information into our go forward practices.
8-K filed on 2021-05-07
SolarWinds Corp filed an 8-K at 2021-05-07 16:53:21 EDT
Accession Number: 0001739942-21-000076
Item 7.01 Regulation FD Disclosure.
On May 7, 2021, SolarWinds Corporation ("SolarWinds" or the “Company”) provided the following update on the cyberattack announced in December 2020, or the Cyber Incident, on its Orange Matter blog, accessible at https://orangematter.solarwinds.com/2021/05/07/an-investigative-update-of-the-cyberattack:
An Investigative Update of the Cyberattack
The recent cyberattacks against SolarWinds, other widely used technology providers, and our respective customers are examples of the ongoing challenges facing the software industry as a whole. It’s clear that nation-state actors are actively working to compromise and disrupt the technology supply chains and infrastructure on which we all rely.
Throughout this experience, we’ve emphasized transparency, collaboration with our public and private partners, and knowledge-sharing from our investigations as information is gathered and verified. Over the past five months, we’ve devoted extensive resources to investigating this cyber attack and working with experts to sift through terabytes of data. We’ve been determined to uncover the tools, tactics, and motives of the nation-state threat actor to better protect SolarWinds, our customers, and others in the future.
We’re close to completing these extensive investigative efforts with assistance from our third-party experts and would like to provide another update on what we’ve learned to supplement our prior posts.
Our Awareness of Impact to Customers
We also want to take a moment to discuss our understanding about the impact of this attack on our customers. Our attitude will continue to be: one customer impacted is one customer too many.
We’ve worked tirelessly to support our customers and to contain, eradicate, and remediate the cyber incident. We quickly published information about the attack and notified our customers. We also released remediations to the affected versions of the Orion Platform software and engaged in extensive outreach and support to our customers. We also made available third-party support at our expense to help customers upgrade their Orion Platform software.
Through our numerous blog posts, webinars, TechPod podcasts, interviews, and other public statements, we’ve provided to our customers, and to the industry more broadly, substantial information about the cyber incident and our learnings and adaptation from it to help them better understand the attack and protect themselves.
Based on our investigations and conversations with our customers, we believe the number of customers targeted and impacted by the SUNBURST malicious code is significantly fewer than the number of potentially vulnerable customers. At the earliest stages of our investigation, we reported up to 18,000 customers could potentially have been vulnerable to SUNBURST, based on our records of the total number of customer downloads of the specific, impacted versions of our Orion Platform products. Unfortunately, we’ve seen this number used mistakenly in media reports as the number of customers that the threat actor actually hacked through SUNBURST.
We now estimate that the actual number of customers who were hacked through SUNBURST to be fewer than 100. It’s important to note that this group of up to 18,000 downloads includes two significant groups that could not have been affected by SUNBURST due to the inability of the malicious code to contact the threat actor command-and-control server: (1) those customers who did not install the downloaded version and (2) those customers who did install the affected version, but only did so on a server without access to the internet. Among a third group of customers, those whose affected servers accessed the internet, we believe, based on sample DNS data, only a very small proportion saw any activity with the command-and-control server deployed by the threat actor. This statistical analysis of the same DNS data leads to our belief that fewer than 100 customers had servers that communicated with the threat actor. This information is consistent with estimates provided by U.S. government entities and other researchers, and consistent with the presumption the attack was highly targeted.
Orion Platform Supply-Chain Attack
Most of our early investigative efforts focused on the compromise of our Orion Platform software products and understanding the nature of the attack. It became clear early on the threat actor employed novel and sophisticated techniques indicative of a nation-state actor and consistent with the goal of cyber espionage via a supply-chain attack. In addition, the operational security of the threat actor was so advanced, they not only attacked SolarWinds but were able to leverage the SUNBURST malicious code and avoid detection in some of the most complex environments in the world.
During the course of our investigations, we discovered the following:
- The threat actor did not modify our source code repository. The malicious activity occurred within the automated build environment for our Orion Platform software. Through the use of the novel SUNSPOT code injector that we discovered in our investigation, the threat actor surreptitiously injected the SUNBURST malicious code solely into builds of the Orion Software Platform. We published details about the build manipulation activity in our January 11 blog post, and with our investigative partner CrowdStrike, published extensive information about SUNSPOT to help others in the industry protect themselves against its use in their environments.
The threat actor undertook a test run of its ability to inject code into builds of the Orion Software Platform software in October 2019, months prior to initiating the actual SUNBURST injection into builds of our Orion Software Platform released between March and June 2020.
We have not identified SUNBURST in any of our more than 70 non-Orion Platform products and tools, including those of our N-able business.
Shared IT Environment Activities
We narrowed it down to three most likely candidates for initial entry, but we don’t limit the methods to these three. This excludes the possibility the initial access was through a known, unpatched vulnerability:
Zero-day vulnerability in a third-party application or device;
Brute-force attack, such as a password spray attack; or
Social engineering, such as a targeted phishing attack.
While we don’t know precisely when or how the threat actor first gained access to our environment, our investigations have uncovered evidence that the threat actor compromised credentials and conducted research and surveillance in furtherance of its objectives through persistent access to our software development environment and internal systems, including our Microsoft Office 365 environment, for at least nine months prior to initiating the test run in October 2019. Based on our learnings, while unfortunate, it’s not uncommon for threat actors to be in target environments for several months to years. This further reinforces the need for transparency and collaboration, so we can all benefit from one another’s shared experiences and knowledge.
We’ve also found evidence that causes us to believe the threat actor exfiltrated certain information as part of its research and surveillance. This evidence includes the following:
The threat actor created and moved files that we believe contained source code for both Orion Platform software and non-Orion products. However, we are unable to determine the actual contents of those files.
The threat actor created and moved additional files, including a file that may have contained data supporting our customer portal application. Although we're unable to determine the actual contents of the files, the information included in our customer portal databases does not contain highly sensitive personal information, such as credit card, Social Security, passport details, or bank account numbers, but contains other information such as corporate customer name, business email addresses, business billing addresses, encrypted portal login credentials, IP addresses downloading any software and MAC addresses of the registered Orion servers.
The threat actor accessed email accounts of certain personnel, some of which contained information related to current or former employees and customers. We are currently in the process of identifying all personal information contained in the emails of these accounts and expect to provide notices to any impacted individuals and other parties as appropriate.
The threat actor moved files to a jump server, which we believe was intended to facilitate exfiltration of the files out of our environment.
Our Remediation Activities
Together with our partners KPMG and CrowdStrike, in conjunction with government agencies, we’ve undertaken extensive measures to investigate, contain, eradicate, and remediate the cyber incident. CrowdStrike performed a macro-level analysis of the SolarWinds environment and deployed their Falcon technology and other threat-hunting tools, providing ongoing monitoring for suspicious activity. The KPMG forensics team performed micro-level analysis, conducting deep inspections of our build environments, as well as additional forensics and analysis. This analysis included inspection of various artifacts, including historical firewall logs, access control logs, and SIEM events. At this time, we’ve substantially completed this process and believe the threat actor is no longer active in our environments.
Our Future: Secure by Design
Armed with what we’ve learned about this attack, we’re focused on becoming an industry leader in protecting our software development from cyberintrusions. We’re working with industry experts to implement enhanced security practices designed to further strengthen and protect our products and environment against these and other types of attacks in the future. To that end, we’re further securing our environment and systems by:
Upgrading to stronger and deeper endpoint protections within our environment;
Enhancing our Data Loss Prevention solution to better detect low and slow leaks;
Expanding our Security Operations Center to improve visibility and threat hunting across our network; and
Tightening our firewall policies to further limit east/west traffic.
Additionally, we’re adopting zero trust and least privilege access mechanisms by:
Expanding and more consistently enforcing least privileges policies for ALL employees;
Limiting external interfaces to our environments; and
Increasing, expanding, and strictly enforcing requirements for multi-factor authentication throughout our environment, as well as expanding the use of a privilege access manager for all administrative accounts, with auditing.
Further, we’re addressing the possible risks associated with third-party applications access by:
Increasing on-going monitoring and inspection of all SaaS tools within our environment;
Ensuring that the configurations and implementation of all tools within our environment align with best practices;
Reviewing all accounts, updating all passwords and turning up the level of conditional access; and
Strengthening the level of pre-procurement security reviews for all vendors.
Additionally, we have made significant progress in redesigning our automated build process to help ensure the security and integrity of the code our products and that no insertions or alterations have occurred during the build process as occurred happened with SUNSPOT and SUNBURST. The below illustration illustrates highlights how this new build process works:
In addition to these protective steps, we’re conducting our software builds in three separate environments, using changing build systems, and with separate user credentials. We check the integrity of the builds across these environments to identify and address any compromises. In this way, we are changing and shifting the threat surface, thereby forcing a threat actor to replicate an attack across multiple heterogeneous environments with no overlapping privileges to be successful.
We use a standard Secure Development lifecycle approach. That includes requirements analysis, secure development, security testing, release and respond. As part of the process Checkmarx is utilized for static code analysis, Whitesource is utilized for Open-Source discovery/analysis, and internal PEN testing utilizing Burpsuite prior to a final security review.
In addition to the build pipeline, business critical assets are identified, tracked, and reviewed on a regular basis. Security controls are defined for each asset.
We hope sharing of our learnings about this attack serves our customers - as well as the broader IT industry - given the common development practices in the industry and our belief that transparency and cooperation are our industry’s best tools to help prevent and protect against future attacks. We also believe it illustrates the lengths to which outside nation-states will go to achieve their malicious goals and the need for the industry and public sector to work together to protect critical systems and infrastructure. We see an opportunity to help lead an industry-wide effort we believe will position SolarWinds as a model for secure software environments, development processes, and products.
We see these as initiatives and investments as being consistent with our goal of being a best-in-class provider of powerful, affordable, and secure solutions.
8-K filed on 2023-10-30
SolarWinds Corp filed an 8-K at 2023-10-30 16:33:07 EDT
Accession Number: 0001739942-23-000109
Item 7.01 Regulation FD Disclosure.
On October 30, 2023, SolarWinds Corporation (“SolarWinds” or the “Company”) provided the following update regarding the previously disclosed investigation by the Securities and Exchange Commission of the cyberattack on the Company’s Orion Software Platform and internal systems on its Orange Matter blog, accessible at https://orangematter.solarwinds.com/2023/10/30/transparency-information-sharing-and-collaboration. The Company may from time to time provide additional updates related to this matter on its Orange Matter blog.
Transparency, Information-Sharing, and Collaboration Make the Software Industry More Secure. We Must Not Risk Our Progress.
Soon after the highly sophisticated Russian cyberattack on SolarWinds and other technology companies was discovered in December 2020, the U.S. government and the security community determined it was carried out by persistent Russian threat actors. SUNBURST used novel techniques the world’s best cybersecurity experts had never seen before.
Since SUNBURST, there have been several reports of successful, highly resourceful, and capable technology companies-and even federal agencies-falling victim to nation-state cyberattacks, further illustrating that no one is immune to the new, advanced threats that have unfortunately become commonplace. As we practice and advocate, a community vigil is the only way to improve our collective security. It is imperative for victims of cyberattacks to come forward and share their experiences for the benefit of the broader community-and it is imperative these victims not be further victimized.
When I joined SolarWinds just days after the company learned of SUNBURST, my immediate focus was supporting our customers as we quickly contained, remediated, and eradicated the issue-while helping our customers ensure their environments were secure. We shared information about the incident as it was confirmed. The transparency of our response and our ongoing commitment to public-private partnerships has been widely praised in the global IT and security communities. We defined and implemented our Secure by Design initiative and have been commended broadly for advancing cybersecurity.
How we responded to SUNBURST is exactly what the U.S. government seeks to encourage. So, it is alarming that the Securities and Exchange Commission (SEC) has now filed what we believe is a misguided and improper enforcement action against us, representing a regressive set of views and actions inconsistent with the progress the industry needs to make and the government encourages.
The truth of the matter is that SolarWinds maintained appropriate cybersecurity controls prior to SUNBURST and has led the way ever since in continuously improving enterprise software security based on evolving industry standards and increasingly advanced cybersecurity threats. For these reasons, we will vigorously oppose this action by the SEC.
Our commitment to transparent communication has extended beyond customers to the entire industry and our government partners. We made a deliberate choice to speak-candidly and frequently-with the goal of sharing what we learned to help others become more secure. We partnered closely with the government and encouraged other companies to be more open about security by sharing information and best practices. We have advocated strongly for robust public-private partnerships to prevent future nation-state attacks. As a result of our efforts, the industry has made considerable progress in this regard since SUNBURST. Fierce business competitors now understand the need to be cooperative partners focused on defending our nation’s cyberinfrastructure against new and constantly changing attacks.
The SEC’s charges now risk the open information-sharing across the industry that cybersecurity experts agree is needed for our collective security. They also risk disenfranchising earnest cybersecurity professionals across the country, taking these cyber warriors off the front lines. I worry these actions will stunt the growth of public-private partnerships and broader information-sharing, making us all even more vulnerable to security attacks.
The actions we have taken over the last two and half years motivate us to stay the course and to push back against any efforts that will make our customers and our industry less secure. We will continue to move forward guided by our fundamental principles of transparency, urgency, collaboration, communication, and humility.
ADDITIONAL RESOURCES
SUNBURST investigation updates:
- Orange Matter Blog (December 17, 2020): https://orangematter.solarwinds.com/2020/12/17/solarwinds-update-on-security-vulnerability/
- Orange Matter Blog (January 11, 2021): https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/
- Orange Matter Blog (May 7, 2021): https://orangematter.solarwinds.com/2021/05/07/an-investigative-update-of-the-cyberattack/
Secure by Design resources: - https://orangematter.solarwinds.com/2021/02/03/continuing-our-journey-to-becoming-secure-by-design/
- SolarWinds Secure by Design resource center: https://www.solarwinds.com/secure-by-design-resources
- SolarWinds Day virtual event with CISA and Congressional Representatives (June 28, 2023): https://www.youtube.com/watch?reload=9&v=Ak6RX_cX4Qo
- SolarWinds Aims to Set New Standard in Software Development With Next-Generation Build System: https://orangematter.solarwinds.com/2022/03/10/setting-the-new-standard-in-secure-software-development/
Company Information
| Name | SolarWinds Corp |
| CIK | 0001739942 |
| SIC Description | Services-Prepackaged Software |
| Ticker | SWI - NYSE |
| Website | |
| Category | Accelerated filer |
| Fiscal Year End | December 30 |