SolarWinds: Should Security Live in InfoSec or DevOps?
The SUNBURST malware attack on SolarWinds shone a light on how threat actors can “shift left” and attack the software supply chain itself—with catastrophic results. To defend against similar attacks in the future, all organizations that build software for commercial or internal use must shift their defenses left to protect all aspects of the software supply chain, including the entire build pipeline. Although it is clear that something needs to be done, the big question is which part of the organization should take primary responsibility—InfoSec or development teams.