Microsoft says it found 1,000-plus developers' fingerprints on the SolarWinds attack

Anonymous Coward

Re: Oh those Russians!

"Isn't the hack DIRECTLY attributable to poor development processes in the organisation which was attacked?"

From various forums, it appears that the build system was remotely accessible, either directly or via VPN with no 2FA or strong password requirements. The reason it appears to be the build server is that public statements indicate the source code and other systems were not compromised. BUT that only allowed access AND should have been discovered at some point in the ~7 months the malicious code was present. Where were the checks to make sure the build system was producing the code that was expected? That isn't an agile issue - that's a "we throw it at the build system and fix any errors, otherwise it's good to ship" problem.

And then there is the question of how 18,000 organisations (based on SolarWinds' published details), many of whom had the resources and security infrastructure in place to detect this, managed to download the compromised code and use it, and it only gets discovered by accident when a second phone number is added to a Microsoft account of a FireEye employee and a vigilant Microsoft security person questioned it.

How did everyone miss this for so long?
