People have long memories, and companies will move to other suppliers.Ĭleary, the company put $ before anything else, and the CEO and other high ranking members dumping all their stock has proven this. But for now I don't see this happening for sometime.
#HOW DO I CHECK HOW MANY LICENCES AVAILABLE ORION SOLARWINDS SOFTWARE#
Whlst the dust will likely settle, and IF SW as a company survives this intrustion, and the impending compensation packages to their customers, then there will likely come a time when people will look to the software again. And this article suggests that SW management was well aware of the problems they faced, and ignored them! If all that is being spoken about in the infosec community is correct, then SW were their own worst enemy, and whilst the attack that took place was sophisticated, the entry point really wasnt. But companies are going to leave this sinking ship. You're as diplomatic here as you are on thwack. This attack is absolutely a can of worms, I think we can all agree on that. There is real risk in any similar toolset, and when running it, you likely need to pay attention to how its done, and easy is not better. That said, that list of big agencies and companies, a lot will keep it around.
Some people definitely won't want to buy in now. I think you stand it next to competitors, and be open and honest about it, and let them guide how concerned to be. You match the needs of the environment, which include things like what it can do, how much it costs, how security evaluates it (or you on their behalf), maintaining it, etc. I am as big a user of Orion as any, but I wouldn't have done that before anyway. I can see it being hard to stand in front of somebody and sell Orion to them. The initial threat is past, so what does SolarWinds do next? Where we go now absolutely matters. Knee-jerk reactions never make sense to me. I would not be shocked that other flaws are patched shortly in a variety of SolarWinds products. I do think that stock value would plummet if this were to happen to them again which will inform how money is spent, and that the product has just had some very serious inspection. Open source is its own set of challenges, and I like and use Open source, but lets keep our eyes open to all risks. I suspect that shareholder value does drive most decisions, but but if its a public company writing a product that will still be true. What we know is that an attack by a foreign state would have been success most places. Unfortunately, we don't know much about the internal process of software development, and the recent events don't change that.