Lessons From SolarWinds

The vulnerability in Apache’s Log4j software library discovered in December 2021 is yet another reminder of the far-reaching effects software-supply-chain hacks can have. It recalls an incident discovered a year before – the infamous SolarWinds attack. Sudhakar Ramakrishna took the helm of SolarWinds right in the wake of that attack, and at last fall’s IAPP Privacy.Security.Risk. conference, Ramakrishna spoke with Andrew Serwin, a partner at DLA Piper who served as counsel for SolarWinds, about the takeaways from the attack that opened many companies’ eyes to the vulnerability of software supply chains. We distill their insights. See our two-part series on digital identity management in a post-pandemic world: “A Framework for Identity-Centric Cybersecurity” (Mar. 24, 2021); “SolarWinds, Zero Trust and the Challenges Ahead” (Mar. 17, 2021).
