[mxskelly]

When will people realize that slapping yet another startup's tech stack onto yours isn't going to magically fix anything and in fact just adds complexity and points of failure.

I've always done my best to err on the side of "let's try not to add yet another level of complexity" and this strategy has yet to fail me.

[nrmitchi]

SolarWinds is a 21-year-old publicly-traded company.

They're not really "yet another startup".

I also don't think that the departments of the US Government are all going around all willy-nilly dropping tools from "yet another startup" into their core infrastructure.

While your overall point may be valid, it's tough to come to the conclusion that it is applicable here.

[falcolas]

I believe that you have mis-read their comment - they aren't saying Solar Winds is "yet another startup", they're saying that SolarWinds is incorporating 3rd party technology (the so-called supply chain attack on their build) without vetting it.

And, if we're being honest, those technologies probably are based off startup tech; SolarWinds purchases and incorporates startup companies (such as Vivid Cortex recently).

[nrmitchi]

That is entirely possible.

[mcguire]

Willy-nilly dropping tools into core infrastructure is largely how government IT works.

Corporate IT, too, from what I've seen.

[notabee]

That's very true, In my limited experience, they are tools sold to non-technical leadership that are either thrown to technical staff to deal with and implement or require letting yet another vendor have network access to manage. It adds up to a hot mess.

[mcguire]

My favorite comment from a (authentication system) vendor, during a meeting where we were trying to figure out why users were having trouble logging into an internal app: "Do I have a charge code for this?"

[wglb]

No longer publicly traded: https://www.solarwinds.com/company/press-releases/solarwinds...

[nrmitchi]

Went public again Oct 18, 2018: https://www.solarwinds.com/company/press-releases/2018-q4/so...

[wglb]

I stand corrected.

[reaperducer]

SolarWinds is a 21-year-old publicly-traded company. They're not really "yet another startup".

Today it is. If we knew when SolarWinds was added to the government systems, his comment might stand.

[mgreenleaf]

And yesterday's startup is tomorrow's billion dollar company, often with nothing changed except the number of customers.

[rplnt]

Startup or not, government contracts require certain certifications.

[hobs]

SolarWinds isn't another startup, its been around for over 20 years, I have used their software half a decade ago and it did the job just fine.

Age doesn't imply its good either, but blaming startups isn't the problem here.

[onetimemanytime]

>>I have used their software half a decade ago and it did the job just fine.

Russia agrees.

[Karunamon]

I agree with the point, but that's not what happened here. SolarWinds Orion isn't some VC-backed panacea sold by SV hucksters to cure all your infrastructure's ills, it's a monitoring stack like Zenoss or Zabbix or (...) and is correctly marketed as such.

[falcolas]

When the financial costs of exposing yourself to such risks outweigh the time saved.

So, never. At least, not in our current software development industry.