back to article SolarWinds CEO describes overhauled Orion build system after that 'very small, unique' security breach

SolarWinds’ chief exec has described the 18,000 customers who downloaded backdoored versions of its Orion software as a “very small” number while giving a speech to an infosec event. Sudhakar Ramakrishna, who joined the biz in January, made the comparison while giving the opening keynote at the CyberUK conference, organised by …

  1. Archivist

    Reject any criticism

    If it can happen to anybody then we're blameless should it ever happen to us.

  2. Pascal Monett Silver badge
    FAIL

    a “very small” number

    Well of course, compared to 7 billion people on the planet, 18 000 is indeed a very small number.

    Except that your 18000 customers just happen to include some of the most important organizations on the planet.

    Oh, you forgot that point, didn't you ?

    Well we didn't. And neither did they.

    1. Muppet Boss Bronze badge
      Happy

      Re: a “very small” number

      What's 18'000 compared to eternity? Let's forgive and forget. Ommmmm...

    2. Mark 32

      Re: a “very small” number

      The actual context of the reference to a 'very small' number is not the 18,000 customers who had installed the affected version of code, but the number of those 18,000 that had actively been compromised, which according to that speech and the follow up article is less than 100.

      https://orangematter.solarwinds.com/2021/05/07/an-investigative-update-of-the-cyberattack/

      I am not making light of the seriousness of the incident here, but posting what the published facts are.

      1. Michael Wojcik Silver badge

        Re: a “very small” number

        Known to have been compromised. And I would call that a "very small" consolation.

        Considering that in the same sentence he managed to jam in the patent untruths that the attack was "unique" and "very novel", I think it's safe to dismiss the entire speech as utter bombast and bullshit.

        Making excuses to avoid making amends.

        1. jake Silver badge
          Pint

          Re: a “very small” number

          Succinct.

    3. Potemkine! Silver badge
      Paris Hilton

      PR stunt

      "but 18 000 is nothing compared to the 37 billions customers we have"

  3. cantankerous swineherd Silver badge

    "By that, I mean using science and tech to help defend against threats. To amplify our values. And as a consequence, make Britain stronger and more prosperous."

    a grown man spouting this bilge.

    1. keithpeter Silver badge
      Childcatcher

      @swineherd and all

      I'd quite like to see some prudent planning around 'what do we do if the IT stops working' for public sector organisations and perhaps some of the logistics companies in the food/sewage/medical/energy supply chains.

      Remember 2ky? Local shops and temples had emergency kitchens stocked up just in case on a purely voluntary basis.

      Icon: Not just foreign aggression. What chance of a Carrington event within the next 10 years?...

  4. jake Silver badge

    I know an even smaller number of people/organizations ...

    ... who will ever trust these clowns again.

  5. amanfromMars 1 Silver badge

    Who you gonna call .....

    ... whenever Alien Celestial Existential ExtraTerrestrial comes a'knocking removing all pretentious barriers?

    Who/What does an M or a C or a Q talk to whenever floating about like a cork all at Sea in a TEMPESTuous Storm with Zero Novel NEUKlearer See/Approved Improved Enlightening Sight?

    “There is no doubt that we are facing a moment of reckoning,” said Fleming, ominously. “But it’s clear that to face up to this moment of reckoning, we need to protect and build our strategic technology advantage. By that, I mean using science and tech to help defend against threats. To amplify our values. And as a consequence, make Britain stronger and more prosperous.”

    Does GCHQ director Jeremy Fleming, who oversees the surveillance agency's NCSC offshoot, actually believe Britain has any viable strategic technology advantage program with platforms and projects and presentations providing exceptionally mutually beneficial satisfaction to all impacted, to protect and build upon and defend against all manner of crazy and/or misguided threats .......... or is the honest truth, such is what UKGBNI and others are confronted by and identify as a hostile enemy threat to be repulsed in mad battles rather than realise as an extremely attractive addictive treat to be enthusiastically encouraged and ACTively exploited and engaged with?

    To persevere in pursuit of the former with thoughts of defence morphing into implausible plans for attack rather than simply accepting and engaging with the civilised sophisticated agencies and unique universal utility of the latter, would be a colossal blunder costing traditional inherited and conventionally commanded and conveniently controlled SCADA systems more blood and treasure, pain and grief than it is possible to endure and survive.

    There is no doubt that we are facing a moment of reckoning,” must be a prime candidate for the understatement of the century at least.

    What do y'all want to do about IT? Is there anything you think you can effectively and efficiently do, or would you just rather it was sort of magically fixed for you by others you're best not knowing too much about for your own safety, at whatever it costs which will certainly not be cheap in the fields and ranges that generate key interest in the sums and to the tunes of billions and trillions?

  6. EricB123

    Time warp

    Maybe ol' Sind was serious about 18,000 being a small number. I was in India a few years back for a surgical procedure. The last day I was informed that I was healthy enough to visit the Taj Mahal. I said that the Taj Mahal was a four hour drive each way from the hospital in New Delhi. The woman looked at me quizzicaly and said "that's what I just said. It's close". Perhaps the people in India have a different view of the entire time-space continumn.

    1. Naselus

      Re: Time warp

      It's all relative to Csuite execs tbh. For example, 18,000 is a small number when it's being added to their own paycheck, but a very large number when I'm asking for it to be added to mine.

    2. gerdesj Silver badge
      Windows

      Re: Time warp

      When you live in a country the size of India then four hours is considered within close range.

      I have some relos in Aus (I'm a Brit) and my great aunt lived 40 odd miles away from her nearest neighbour. Here it's 45 miles from Yeovil to Exeter and the SW of England is considered quite but not very rural. I also have relos in Canada and some in the US. Those are also quite large places with some very sparsely populated areas. I might go as far as describing CA as quite sodding big.

      Four hours from Yeovil gets you to Derby (Midlands, England) and: Very roughly, one hour to BRS + one hour wait + one hour in the air ... hello Dublin, Ireland (Blackpool!) It takes about five hours to get to Blackpool (Lancs) from here.

      So, it depends ... when you talk about "far." The Voyagers I and II are moving quite rapidly and in four hours they cover about 140,000 miles. The moon is about 240,000 miles away from earth. "About" is around two significant figures here.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021