SolarWinds, the SEC, and the CISO: Who is legally responsible for security?
Lessons learned from the 2020 SolarWinds hack have had lasting effects on the industry’s approach to supply chain security. Yet even as best practices and regulations for preventing and mitigating critical supply chain issues are being introduced, a complaint filed by the SEC against SolarWinds and its CISO Timothy Brown has added a new chapter to the saga and reignited a crucial debate: who takes the fall when things go wrong?