{"id":748,"date":"2021-04-02T11:10:16","date_gmt":"2021-04-02T18:10:16","guid":{"rendered":"https:\/\/salesforcedevops.net\/?p=748"},"modified":"2021-05-30T14:32:10","modified_gmt":"2021-05-30T21:32:10","slug":"the-solarwinds-hack-and-salesforce-devops","status":"publish","type":"post","link":"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/","title":{"rendered":"The SolarWinds Hack and Salesforce Devops"},"content":{"rendered":"\n<p class=\"has-drop-cap wp-block-paragraph\">The devops industry is undergoing a transformation in 2021 as security takes center stage, mainly because of the SolarWinds hack (check <a href=\"https:\/\/apnews.com\/article\/solarwinds-fireeye-hack-explained-07e55dfd7fb9e6de96b55a7788eaa93e\">here for more details<\/a>). We know now that a bad actor infiltrated command-and-control (C2) code into a SolarWinds network scanning tool. Sent to 60,000 customers, several dozen of whom turned out to be government agencies, the C2 code &#8220;phoned home&#8221; for further instructions, and in some cases, it went on to further infiltrate the target network. How did the bad actors do it? By gaining access to SolarWinds source code repositories. For Salesforce devops and IT leaders, how does this security red alert impact you?<\/p>\n\n\n\t\t\t\t<div class=\"wp-block-uagb-table-of-contents uagb-toc__align-left uagb-toc__columns-1  uagb-block-c44fd518      \"\n\t\t\t\t\tdata-scroll= \"1\"\n\t\t\t\t\tdata-offset= \"30\"\n\t\t\t\t\tstyle=\"\"\n\t\t\t\t>\n\t\t\t\t<div class=\"uagb-toc__wrap\">\n\t\t\t\t\t\t<div class=\"uagb-toc__title\">\n\t\t\t\t\t\t\tTable Of Contents\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"uagb-toc__list-wrap \">\n\t\t\t\t\t\t<ol class=\"uagb-toc__list\"><li class=\"uagb-toc__list\"><a href=\"#developer-security-is-a-thing\" class=\"uagb-toc-link__trigger\">Developer Security Is A Thing<\/a><li class=\"uagb-toc__list\"><a href=\"#keep-your-perimeter-tight\" class=\"uagb-toc-link__trigger\">Keep Your Perimeter Tight<\/a><li class=\"uagb-toc__list\"><a href=\"#developer-security-cannot-be-an-afterthought\" class=\"uagb-toc-link__trigger\">Developer Security Cannot Be an Afterthought<\/a><li class=\"uagb-toc__list\"><a href=\"#have-fun-and-be-safe\" class=\"uagb-toc-link__trigger\">Have Fun and Be Safe<\/a><li class=\"uagb-toc__list\"><a href=\"#verns-salesforce-devops-posts\" class=\"uagb-toc-link__trigger\">Vern&#039;s Salesforce Devops Posts<\/a><li class=\"uagb-toc__list\"><a href=\"#about-vernon-keenan\" class=\"uagb-toc-link__trigger\">About Vernon Keenan<\/a><\/ol>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\n\n\n<h2 class=\"wp-block-heading\">Developer Security Is A Thing<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When engaged in the eternal war of IT security measures and countermeasures, every enterprise&#8217;s security considerations start with the perimeter, devices, and networks. Now, security is moving up the stack and has sprung yet another crop of imponderable four-letter acronyms. These devops security subsectors cover separate devops security concerns.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Static Application Security Testing (SAST)<\/strong> \u2013 SAST tools work with source code repositories. In the case of Salesforce, this includes things like SQL injection or bad JavaScript. Good SAST tools offer remediation assistance.<\/li><li><strong>Dynamic Application Security Testing (DAST)<\/strong> \u2013 DAST tools work with running systems. DAST is like a \u201cwhite hat penetration test,\u201d where the vendor applies systematic techniques to look for vulnerabilities in your application, simulating the techniques an attacker uses.<\/li><li><strong>Interactive Application Security Testing (IAST)<\/strong> \u2013 An IAST solution involves inserting an application security server into production operations. That server has a unique inside view of potential vulnerabilities.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Keep Your Perimeter Tight<strong><\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Beating the enemy in security takes a holistic approach, so developer security must include more than a focus on code. If your enterprise has a security perimeter, then use it, even in offshore environments. Upgrade VPN usage to <a href=\"https:\/\/en.wikipedia.org\/wiki\/Software-defined_networking\">SD-WAN<\/a> or other corporate security solutions to harden every developer\u2019s environment. Strengthen your endpoint security by issuing work-only, centrally-managed endpoints to everyone in devops, especially to vendors and other contractors (<a href=\"https:\/\/www.zdnet.com\/article\/anatomy-of-the-target-data-breach-missed-opportunities-and-lessons-learned\/\">remember Target?<\/a>).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Because of SolarWinds, we know that developer security goes beyond the xAST world. We must assume that developers are now subject to high-value, targeted spear phishing attacks. Until recently, only financial crimes or state-sponsored espionage warranted such a high-value attack. Now, technology and enterprise developers are being personally profiled and targeted for network infiltration.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Developer Security Cannot Be an Afterthought<strong><\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">I have also heard the term \u201csoftware supply chain security\u201d to describe what happened in the SolarWinds Hack, and to express the need for developer security. And other writers use the term \u201cshift left\u201d to describe developers becoming more responsible for application security. So, to \u201cshift left\u201d means giving your developers the tools needed to make sure their code is secure. And it is called \u201cshift left\u201d because the typical SDLC chain has the developer on the left end? All I know is that this is another example of a confusing and alienating term we should keep clear of the C-suite.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In the Salesforce world customers handle static code analysis concerns with currently available software offerings. Last week we saw <a href=\"https:\/\/origin.salesforcedevops.net\/index.php\/2021\/03\/25\/autorabit-acquires-salesforce-devops-security-tool-maker-codescan\/\">AutoRABIT purchase Codescan<\/a> to add static scanning capabilities to their offerings. Other security vendors selling static security tools for Salesforce today include <a href=\"https:\/\/getclayton.com\/\">Clayton<\/a>. <a href=\"https:\/\/www.digitsec.com\/\">S4 from DigitSec<\/a> has static, dynamic, and interactive features (check out the <a href=\"https:\/\/docs.google.com\/spreadsheets\/d\/1QZkwzbsEfRiu1-FYMemgDEbBWCmQ0gMBEZOwZd-SX20\/edit?usp=sharing\">SalesforceDevops list of companies here<\/a>).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In the name of simplification of our nomenclature, let us call the entire set of xAST concerns Developer Security and that developer security is now a major concern for any technology company or enterprise that produces software. And a full developer security program needs to be in the devops budget.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Have Fun and Be Safe<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Deal with the consequences of the SolarWinds hack by making overall developer security a major concern of any devops program. Look closely at the tools and services currently available. And make sure the people working on your coding efforts have well-maintained endpoints with a security perimeter protecting them from the bad actors. By offering these services as a core part of your devops program, your developers will have the power to have fun coding, safely.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"block-cf92440d-a18d-45f5-839d-1a9bd45f3334\">Vern&#8217;s Salesforce Devops Posts<\/h2>\n\n\n\n<ul class=\"wp-block-list\" id=\"block-4dea6362-0628-4e20-af56-e0558fddaab8\"><li><a href=\"https:\/\/vernonkeenan.com\/index.php\/2021\/03\/14\/salesforce-sldc-nomenclature\/\">Salesforce SDLC Nomenclature: Adopting the Ways of The Devops<\/a><\/li><li><a href=\"https:\/\/vernonkeenan.com\/index.php\/2021\/03\/10\/salesforce-devops-in-early-2021\/\">Salesforce Devops in Early 2021<\/a><\/li><li><a href=\"https:\/\/vernonkeenan.com\/index.php\/2021\/03\/21\/the-ways-of-the-salesforce-devops-build-or-buy\/\">The Ways of the Salesforce Devops: Build or Buy?<\/a><\/li><li><a href=\"https:\/\/vernonkeenan.com\/index.php\/2021\/03\/18\/sfdx-cli-paves-the-way-for-open-source-salesforce-devops\/\">SFDX-CLI Paves The Way for Open-Source Salesforce Devops<\/a><\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"block-b1252acc-9123-4524-9506-84600739a3d2\">About Vernon Keenan<\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignright\"><img loading=\"lazy\" decoding=\"async\" width=\"234\" height=\"234\" src=\"https:\/\/ceres-gw.tnxs.net\/wp-content\/uploads\/2021\/03\/Vern-headonly-small.png\" alt=\"Vernon Keenan headshot\" class=\"wp-image-437\" srcset=\"https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/03\/Vern-headonly-small.png 234w, https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/03\/Vern-headonly-small-150x150.png 150w\" sizes=\"auto, (max-width: 234px) 100vw, 234px\" \/><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Vernon Keenan (<a href=\"https:\/\/linkedin.com\/in\/vernonkeenan\">LinkedIn<\/a>) works as a senior information technology industry consultant based in Oakland, California.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">He earned his B.Sc. in Biomedical Engineering at Northwestern University where he programmed a PDP-8 with punched paper tape.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In his 34-year-long career he has been a teacher, SPSS programmer, database administrator, clinical researcher, technology journalist, product marketing manager, market researcher, management consultant, and industry analyst. Most recently he is a telecom operator, cloud architect, Go devops engineer and Salesforce Developer\/Architect.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For inquiries about Salesforce strategy briefings or solution architect work please contact Vern directly at +1-510-679-1900 or&nbsp;<a href=\"mailto:vern@vernonkeenan.com\"><\/a><a href=\"mailto:vern@vernonkeenan.com\">vern@vernonkeenan.com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The devops industry is undergoing a transformation in 2021 as security takes center stage, mainly because of the SolarWinds hack (check here for more details). We know now that a&hellip;<\/p>\n","protected":false},"author":1,"featured_media":753,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","footnotes":""},"categories":[6],"tags":[17,21,28,35,36,56,59,62],"post_series":[],"class_list":["post-748","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-clayton","tag-dast","tag-digitsec","tag-iast","tag-industry-analysis","tag-sast","tag-security","tag-solarwinds","entry","has-media"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.2 (Yoast SEO v22.2) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The SolarWinds Hack and Salesforce Devops - SalesforceDevops.net<\/title>\n<meta name=\"description\" content=\"The SolarWinds Hack penetrated source code repos. For Salesforce devops and IT leaders, how does this security red alert impact you?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The SolarWinds Hack and Salesforce Devops - SalesforceDevops.net\" \/>\n<meta property=\"og:description\" content=\"The SolarWinds Hack penetrated source code repos. For Salesforce devops and IT leaders, how does this security red alert impact you?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/\" \/>\n<meta property=\"og:site_name\" content=\"SalesforceDevops.net\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/salesforcedevopsnet\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-02T18:10:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-05-30T21:32:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Vernon Keenan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@salesforcedevop\" \/>\n<meta name=\"twitter:site\" content=\"@salesforcedevop\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Vernon Keenan\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"TechArticle\",\"@id\":\"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/\"},\"author\":{\"name\":\"Vernon Keenan\",\"@id\":\"https:\/\/cms.salesforcedevops.net\/#\/schema\/person\/ac094823465a60be4f47d7321ed7ce04\"},\"headline\":\"The SolarWinds Hack and Salesforce Devops\",\"datePublished\":\"2021-04-02T18:10:16+00:00\",\"dateModified\":\"2021-05-30T21:32:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/\"},\"wordCount\":826,\"commentCount\":10,\"publisher\":{\"@id\":\"https:\/\/cms.salesforcedevops.net\/#organization\"},\"image\":{\"@id\":\"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg\",\"keywords\":[\"Clayton\",\"DAST\",\"DigitSec\",\"IAST\",\"Industry Analysis\",\"SAST\",\"Security\",\"SolarWinds\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/#respond\"]}],\"copyrightYear\":\"2021\",\"copyrightHolder\":{\"@id\":\"https:\/\/cms.salesforcedevops.net\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/\",\"url\":\"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/\",\"name\":\"The SolarWinds Hack and Salesforce Devops - SalesforceDevops.net\",\"isPartOf\":{\"@id\":\"https:\/\/cms.salesforcedevops.net\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg\",\"datePublished\":\"2021-04-02T18:10:16+00:00\",\"dateModified\":\"2021-05-30T21:32:10+00:00\",\"description\":\"The SolarWinds Hack penetrated source code repos. For Salesforce devops and IT leaders, how does this security red alert impact you?\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/#primaryimage\",\"url\":\"https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg\",\"contentUrl\":\"https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg\",\"width\":1000,\"height\":500,\"caption\":\"POZNAN, POL - NOV 12, 2020: Laptop computer displaying logo of SolarWinds, a company that develops software for businesses to help manage their networks, systems, and information technology infrastructure\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cms.salesforcedevops.net\/#website\",\"url\":\"https:\/\/cms.salesforcedevops.net\/\",\"name\":\"SalesforceDevops.net\",\"description\":\"Elevating Salesforce Devops with Insights and Innovation\",\"publisher\":{\"@id\":\"https:\/\/cms.salesforcedevops.net\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/cms.salesforcedevops.net\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/cms.salesforcedevops.net\/#organization\",\"name\":\"SalesforceDevops.net\",\"url\":\"https:\/\/cms.salesforcedevops.net\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cms.salesforcedevops.net\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/origin.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/logo-horiz-325.jpg\",\"contentUrl\":\"https:\/\/origin.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/logo-horiz-325.jpg\",\"width\":325,\"height\":101,\"caption\":\"SalesforceDevops.net\"},\"image\":{\"@id\":\"https:\/\/cms.salesforcedevops.net\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/salesforcedevopsnet\",\"https:\/\/twitter.com\/salesforcedevop\",\"https:\/\/www.linkedin.com\/in\/vernonkeenan\",\"https:\/\/www.youtube.com\/channel\/UCOgOn9rD5gyXSOmV7-Q0n7g\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/cms.salesforcedevops.net\/#\/schema\/person\/ac094823465a60be4f47d7321ed7ce04\",\"name\":\"Vernon Keenan\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cms.salesforcedevops.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/cms.salesforcedevops.net\/wp-content\/wphb-cache\/gravatar\/09b\/09bd30f3ca2e049fbd8b9313ef5a41aex96.jpg\",\"contentUrl\":\"https:\/\/cms.salesforcedevops.net\/wp-content\/wphb-cache\/gravatar\/09b\/09bd30f3ca2e049fbd8b9313ef5a41aex96.jpg\",\"caption\":\"Vernon Keenan\"},\"description\":\"Vernon Keenan (LinkedIn) works as a senior information technology industry consultant based in Oakland, California. He earned his B.Sc. in Biomedical Engineering at Northwestern University where he programmed a PDP-8 with punched paper tape. In his 34-year-long career he has been a teacher, SPSS programmer, database administrator, clinical researcher, technology journalist, product marketing manager, market researcher, management consultant, and industry analyst. Most recently he is a telecom operator, cloud architect, Go devops engineer and Salesforce Developer\/Architect. For inquiries about Salesforce strategy briefings or solution architect work please contact Vern directly at +1-510-679-1900 or vern@vernonkeenan.com.\",\"sameAs\":[\"https:\/\/ceres-gw.tnxs.net\",\"https:\/\/linkedin.com\/in\/vernonkeenan\",\"https:\/\/twitter.com\/salesforcedevop\"],\"url\":\"https:\/\/cms.salesforcedevops.net\/index.php\/author\/vern\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"The SolarWinds Hack and Salesforce Devops - SalesforceDevops.net","description":"The SolarWinds Hack penetrated source code repos. For Salesforce devops and IT leaders, how does this security red alert impact you?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/","og_locale":"en_US","og_type":"article","og_title":"The SolarWinds Hack and Salesforce Devops - SalesforceDevops.net","og_description":"The SolarWinds Hack penetrated source code repos. For Salesforce devops and IT leaders, how does this security red alert impact you?","og_url":"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/","og_site_name":"SalesforceDevops.net","article_publisher":"https:\/\/www.facebook.com\/salesforcedevopsnet","article_published_time":"2021-04-02T18:10:16+00:00","article_modified_time":"2021-05-30T21:32:10+00:00","og_image":[{"width":1000,"height":500,"url":"https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg","type":"image\/jpeg"}],"author":"Vernon Keenan","twitter_card":"summary_large_image","twitter_creator":"@salesforcedevop","twitter_site":"@salesforcedevop","twitter_misc":{"Written by":"Vernon Keenan","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"TechArticle","@id":"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/#article","isPartOf":{"@id":"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/"},"author":{"name":"Vernon Keenan","@id":"https:\/\/cms.salesforcedevops.net\/#\/schema\/person\/ac094823465a60be4f47d7321ed7ce04"},"headline":"The SolarWinds Hack and Salesforce Devops","datePublished":"2021-04-02T18:10:16+00:00","dateModified":"2021-05-30T21:32:10+00:00","mainEntityOfPage":{"@id":"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/"},"wordCount":826,"commentCount":10,"publisher":{"@id":"https:\/\/cms.salesforcedevops.net\/#organization"},"image":{"@id":"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/#primaryimage"},"thumbnailUrl":"https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg","keywords":["Clayton","DAST","DigitSec","IAST","Industry Analysis","SAST","Security","SolarWinds"],"articleSection":["Cybersecurity"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/#respond"]}],"copyrightYear":"2021","copyrightHolder":{"@id":"https:\/\/cms.salesforcedevops.net\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/","url":"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/","name":"The SolarWinds Hack and Salesforce Devops - SalesforceDevops.net","isPartOf":{"@id":"https:\/\/cms.salesforcedevops.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/#primaryimage"},"image":{"@id":"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/#primaryimage"},"thumbnailUrl":"https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg","datePublished":"2021-04-02T18:10:16+00:00","dateModified":"2021-05-30T21:32:10+00:00","description":"The SolarWinds Hack penetrated source code repos. For Salesforce devops and IT leaders, how does this security red alert impact you?","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cms.salesforcedevops.net\/index.php\/2021\/04\/02\/the-solarwinds-hack-and-salesforce-devops\/#primaryimage","url":"https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg","contentUrl":"https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg","width":1000,"height":500,"caption":"POZNAN, POL - NOV 12, 2020: Laptop computer displaying logo of SolarWinds, a company that develops software for businesses to help manage their networks, systems, and information technology infrastructure"},{"@type":"WebSite","@id":"https:\/\/cms.salesforcedevops.net\/#website","url":"https:\/\/cms.salesforcedevops.net\/","name":"SalesforceDevops.net","description":"Elevating Salesforce Devops with Insights and Innovation","publisher":{"@id":"https:\/\/cms.salesforcedevops.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cms.salesforcedevops.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cms.salesforcedevops.net\/#organization","name":"SalesforceDevops.net","url":"https:\/\/cms.salesforcedevops.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cms.salesforcedevops.net\/#\/schema\/logo\/image\/","url":"https:\/\/origin.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/logo-horiz-325.jpg","contentUrl":"https:\/\/origin.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/logo-horiz-325.jpg","width":325,"height":101,"caption":"SalesforceDevops.net"},"image":{"@id":"https:\/\/cms.salesforcedevops.net\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/salesforcedevopsnet","https:\/\/twitter.com\/salesforcedevop","https:\/\/www.linkedin.com\/in\/vernonkeenan","https:\/\/www.youtube.com\/channel\/UCOgOn9rD5gyXSOmV7-Q0n7g"]},{"@type":"Person","@id":"https:\/\/cms.salesforcedevops.net\/#\/schema\/person\/ac094823465a60be4f47d7321ed7ce04","name":"Vernon Keenan","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cms.salesforcedevops.net\/#\/schema\/person\/image\/","url":"https:\/\/cms.salesforcedevops.net\/wp-content\/wphb-cache\/gravatar\/09b\/09bd30f3ca2e049fbd8b9313ef5a41aex96.jpg","contentUrl":"https:\/\/cms.salesforcedevops.net\/wp-content\/wphb-cache\/gravatar\/09b\/09bd30f3ca2e049fbd8b9313ef5a41aex96.jpg","caption":"Vernon Keenan"},"description":"Vernon Keenan (LinkedIn) works as a senior information technology industry consultant based in Oakland, California. He earned his B.Sc. in Biomedical Engineering at Northwestern University where he programmed a PDP-8 with punched paper tape. In his 34-year-long career he has been a teacher, SPSS programmer, database administrator, clinical researcher, technology journalist, product marketing manager, market researcher, management consultant, and industry analyst. Most recently he is a telecom operator, cloud architect, Go devops engineer and Salesforce Developer\/Architect. For inquiries about Salesforce strategy briefings or solution architect work please contact Vern directly at +1-510-679-1900 or vern@vernonkeenan.com.","sameAs":["https:\/\/ceres-gw.tnxs.net","https:\/\/linkedin.com\/in\/vernonkeenan","https:\/\/twitter.com\/salesforcedevop"],"url":"https:\/\/cms.salesforcedevops.net\/index.php\/author\/vern\/"}]}},"uagb_featured_image_src":{"full":["https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg",1000,500,false],"thumbnail":["https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1-150x150.jpeg",150,150,true],"medium":["https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1-300x150.jpeg",300,150,true],"medium_large":["https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1-768x384.jpeg",768,384,true],"large":["https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg",980,490,false],"1536x1536":["https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg",1000,500,false],"2048x2048":["https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg",1000,500,false],"lightbox":["https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg",1000,500,false],"search_results":["https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1-125x125.jpeg",125,125,true],"blog_entry":["https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1-750x450.jpeg",750,450,true],"blog_post":["https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg",750,375,false],"blog_post_full":["https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg",1000,500,false],"blog_related":["https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg",1000,500,false],"gallery":["https:\/\/cms.salesforcedevops.net\/wp-content\/uploads\/2021\/04\/AdobeStock_396095745_Editorial_Use_Only-1000x500-1.jpeg",1000,500,false]},"uagb_author_info":{"display_name":"Vernon Keenan","author_link":"https:\/\/cms.salesforcedevops.net\/index.php\/author\/vern\/"},"uagb_comment_info":10,"uagb_excerpt":"The devops industry is undergoing a transformation in 2021 as security takes center stage, mainly because of the SolarWinds hack (check here for more details). We know now that a&hellip;","_links":{"self":[{"href":"https:\/\/cms.salesforcedevops.net\/index.php\/wp-json\/wp\/v2\/posts\/748","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms.salesforcedevops.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms.salesforcedevops.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms.salesforcedevops.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cms.salesforcedevops.net\/index.php\/wp-json\/wp\/v2\/comments?post=748"}],"version-history":[{"count":1,"href":"https:\/\/cms.salesforcedevops.net\/index.php\/wp-json\/wp\/v2\/posts\/748\/revisions"}],"predecessor-version":[{"id":2742,"href":"https:\/\/cms.salesforcedevops.net\/index.php\/wp-json\/wp\/v2\/posts\/748\/revisions\/2742"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms.salesforcedevops.net\/index.php\/wp-json\/wp\/v2\/media\/753"}],"wp:attachment":[{"href":"https:\/\/cms.salesforcedevops.net\/index.php\/wp-json\/wp\/v2\/media?parent=748"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms.salesforcedevops.net\/index.php\/wp-json\/wp\/v2\/categories?post=748"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms.salesforcedevops.net\/index.php\/wp-json\/wp\/v2\/tags?post=748"},{"taxonomy":"post_series","embeddable":true,"href":"https:\/\/cms.salesforcedevops.net\/index.php\/wp-json\/wp\/v2\/post_series?post=748"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}