
Securing build servers and the development process as a whole is crucial to avoid becoming part of a software supply-chain attack. SUNBURST is malware that was spread by breaching the build server for SolarWinds' Orion product. Using threat modeling it is possible to identify mitigations that reduce the risk and improve the security of the development life-cycle. To be able to mitigate such attacks it is important to first understand the goals of the threat actors.

The end goal in such an attack is not to gain access to the supplier (SolarWinds), but rather to leverage the supplier's products to access its customers' systems. Supply chain attacks can therefore affect organizations in two ways: by making them the facilitator of malware to their customers (like SolarWinds) or by making them the victim of the malware (like SolarWinds' customers).

The build environment is typically neglected by defenders, and to some extent by attackers. Not only are threats often ignored, but it is perhaps even more common for them never to be evaluated at all. A build server is not the only sensitive component in modern development, and the same neglect is often shown for most parts of the process. Security defenses have historically focused almost exclusively on the runtime environment, with the assumption that the deployed code is trustworthy (albeit potentially vulnerable). This is not entirely unreasonable, as traditionally that is how attacks happen, but it also leaves threat actors who focus on the supply chain with great leeway to perform attacks. Depending on the assets protected by the produced software and the development process, different levels of mitigation could be implemented.

Software producers must realize and accept that the entire development process is sensitive, as it produces the software which is later deployed in sensitive systems. Focus, energy and money should ideally be spent on the most critical defenses. To help identify those defenses we must evaluate threats and assess risk. Stakeholders and decision-makers must then make security decisions. Attacks on the build environment are most often preventable, but preventing them often requires work and in many cases must be weighed against productivity.

This goes for all parts of software development and will help you choose appropriate measures. By choosing appropriate mitigations/controls/countermeasures and finding your risk appetite you can most likely find areas that should be improved and perhaps identify a security level you can be comfortable with.
