In my opinion...
...The chain of events that leads to large scale attacks like these are often long, tangled, and punctuated by Board Level employees cutting corners to supply bigger dividends. The failures often go beyond the company and it's culture to include politicians pushing for hands-off government regulations. The fact that Solarwinds is still in business seems like a another symptom of the run away capitalist societies we live in, at least to me.
I do not think Solarwinds in free of fault. But then again neither is the SEC, the FTC, or the FCC. Without a unified government body with strong enforcement powers to regulate IT standards and practices in the business world we are destined to watch this story play out again and again were only the names have been changed to protect the innocent...and the guilty.