If we are to find any vulnerability in the product that may have led to this, we will be fully transparent on the matter and inform our customers under our Security and Privacy policies. In addition, we not only run regular scheduled audits of our software, but we are now organizing a further independent security audit of TeamCity. To date we have no knowledge of TeamCity or JetBrains having been compromised in any way that would lead to such a situation. Has JetBrains or TeamCity been compromised? The fact that TeamCity is one of the tools used by SolarWinds during the build process is what we believe has led to the news coverage. “The Company hasn’t seen any evidence linking the security incident to a compromise of the TeamCity product,” he said. We are reviewing all internal and external tools as part of our investigations, which are still ongoing,” a SolarWinds spokesman said. “SolarWinds, like many companies, uses a product by JetBrains called TeamCity to assist with the development of its software. However, at this point, as also supported by the statements of SolarWinds’ own spokesperson, there is no evidence that TeamCity had any role in this. SolarWinds uses TeamCity among other tools during the build process. Currently it is only generally available as a self-hosted standalone application, meaning the end user is responsible for installing, configuring, and maintaining the system, including any security and access settings.īased on the public information available (which to date is the only thing we’re aware of as neither SolarWinds nor any governmental agency have reached out to us with any details regarding the breach), it seems that the attack on SolarWinds was targeted at their build process (what the media is referring to as a supply-chain attack). It serves to automate building, testing, and optionally deploying software. TeamCity is our Continuous Integration and Delivery Tool. What is TeamCity and why is it in the news? At this point we reiterate the message we posted yesterday – we have not played any role in this breach, nor are we aware of any vulnerabilities in TeamCity that may have led to this breach, as we are also not aware of any investigation underway. We’d like to provide a further update to our customers in regard to the SolarWinds breach. Please make sure you also read the follow-up post from the 8th of January 2021
0 Comments
Leave a Reply. |