
SolarWinds Orion Security Breach: A Shift In The Software Supply Chain Paradigm

Blog post from Snyk

Post Details

- Company: Snyk
- Date Published:
- Author: Anton Hoffman
- Word Count: 576
- Language: English
- Hacker News Points: -
Summary

The recent SolarWinds breach highlights a shift in the software supply chain paradigm: proprietary code is no longer assumed to be more secure than open-source code. Open-source code has been found to be more secure because of its faster fix/patch/update cycle and the broader access to its source. Even so, many companies still prefer proprietary code, although 96% of applications use open-source code and 80% of the code in the software supply chain comes from open sources. The SolarWinds breach shows how malicious actors can exploit vulnerabilities in open-source code, demonstrating that no code is impenetrable. To address this, organizations must equip themselves with tools that scan their open-source code, proprietary code, containers, and infrastructure as code, and run these checks early in the software development lifecycle (SDLC). A developer-first, cloud-native application security platform such as Snyk's can help identify, prioritize, fix, and monitor vulnerabilities, drawing timely and accurate information from its comprehensive vulnerability database.