Rich Kulawiec via plug on 26 Dec 2020 04:16:53 -0800
Re: [PLUG] OT: SolarWinds
On Sat, Dec 19, 2020 at 01:07:50PM -0500, Rich Kulawiec via plug wrote:
> Let's run with that, for a moment. Look at what Orion has done
> *since* this has come out.

Addendum:

One of the things that I like to do is to read companies' SEC filings. Why? Because they'll send their spokesliars out all day long to wallpaper over what they've done (or not done) but most of them are far more candid in their SEC paperwork...because people who aren't sometimes go to prison.

This is a $6B company that makes -- by its own claims -- software that's used in critical and sensitive roles throughout corporations, educational institutions, government agencies, etc.

This is a company that (in 2019) paid its president $1.4M, one EVP $.75M, another EVP $.7M, another EVP $.7M, another EVP $.65M...blah, blah blah. My point is that they seem to have plenty of money -- enough to waste lots of it on useless/redundant C-level personnel.

This is a company that made $343M in the first 9 months of 2020 off of Orion.

Now...attached is a copy [PDF] of an 8-K filing from SolarWinds from just about a week ago (courtesy @File411, who did the highlights too). Let me call your attention to the second-to-last paragraph on page 2.

That's where we find out that this is *also* a company that was too cheap to hire someone to run their own mail server, a baseline requirement for anyone who even wants to pretend to run a secure operation. These clowns outsourced it to Office365 -- which is like taping a 3-story high "kick me" sign to their building.

And whaddaya know, they got kicked.

Nearly four hundred million dollars in revenue in just nine months and they were unwilling to drop a few hundred thousand on mail infrastructure and administrators. No, instead they saved the money and cheerfully indulged in what is well-known to be a worst practice.

So spare me any talk about how we should take it easy on them because we want vendors to be honest with us. No. Screw that. These greedy, stupid people should be publicly crucified and their company burned to the ground. The damage they've done is going to cost a fortune to repair and that's before we start trying to assess the cost of the data loss incidents they've caused, and we can't even do *that* yet because this was an access hack and we have very little idea what they accessed besides "a lot".

It'd be nice if vendors were more honest, sure. But it would be much nicer if they were less greedy and stupid.

---rsk
Attachment:
SolarWinds_SEC_DEC14th_8K_form.pdf
Description: Adobe PDF document
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug