Would you accept software updates from a company like SolarWinds, whose tainted update infiltrated thousands of customers? How do you rebuild trust?

709 views, 5 upvotes, 3 comments
Fractional CIO in Services (non-Government), 4 years ago

Many large companies will thoroughly test updates before releasing them into production; they'll also have a grace period before they install them.

This protects the company, ensures that they don't introduce bugs into their environment, and prevents unnecessary downtime.

They'll do this for both reputable companies and ones who have had issues in the past.

While not foolproof, it is a smart approach.

The risk comes from the SaaS providers whose updates you have no control over. They can push straight to prod and you wear the impacts.

Like Microsoft and M365 last month.

VP, Director of Cyber Incident Response in Finance (non-banking), 4 years ago

One way that we've addressed that is our CSO talks to their CSO, and that level conversation helps inspire that trust. If you can get the right levels of management, to talk about what's happened, I think that goes a long way. If you can get the right levels of executive conversation to go back and forth, that is where the confidence gets inspired. And I've seen that numerous times, not only in my current role, and not just for supply chain compromises either. When you take a look at the ransomware landscape as well, it's the same thing. You've got to get the right people to say, "Yeah, it happened. Here's what we've done. Here's our assurance that this isn't going to happen again."

Reply (no title), 4 years ago

Yeah. You're probably in a better position at a large bank than we would be at a mid-sized company in order to have executive-level conversations.
