Securing build servers and the development process as a whole is crucial to avoid becoming part of a software supply-chain attack. SUNBURST is a malware that was spread by breaching the build server for SolarWinds’ Orion product. Using threat modeling it is possible to identify mitigations to reduce the risk and improve the security of the development life-cycle.

This is a preliminary analysis of the SolarWinds Orion supply-chain nation-state attack. This is an ongoing analysis and more information will be published when available.