In the recent SolarWinds Hack, the attackers would have compromised the update build system and introduced a backdoor upon building.
I know there are many tools to detect vulnerabilities in source code. But I was wondering what kind of tools could be used to detect vulnerabilities introduced in the building stage. Could this be detected using DAST tools or fuzzing?
Could SolarWinds have prevented the backdoor by more elaborately analyzing the software after build?