
Microsoft has revealed that it was hit by the SolarWinds cyberattack and that the attackers managed to view source code repositories for some of its products.
The company, however, was quick to downplay the significance of the compromise, providing two main reasons why the criminals can do little with the material accessed.
First, the accounts were view-only, so the attackers could not have altered the code in any way. Second, Microsoft explained that its programmers work on the basis that all insiders can see the source code anyway.
"At Microsoft, we have an inner source approach – the use of open source software development best practices and an open source-like culture – to make source code viewable within Microsoft," the company said.
"This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn't tied to elevation of risk."
Microsoft source code has been leaked before, and the company has always held the same stance.
Late last year, cybersecurity experts from FireEye spotted malware spreading through a compromised patch for SolarWinds' Orion product. It was later uncovered that criminals had gained a foothold in the SolarWinds network through compromised Office 365 accounts and were able to embed malicious code into an upcoming Orion patch.
The patch was distributed to hundreds of thousands of Orion users, 18,000 of whom were compromised. Among them, besides Microsoft, were also US