SolarWinds case ends without penalties to the CISO or company!

BankInfoSecurity.com reported that “Federal securities regulators abandoned their remaining charges against SolarWinds and its chief information security officer, ending a high-profile lawsuit that accused the company of masking cybersecurity weaknesses ahead of a far-reaching Russian cyberattack.”  The November 21, 2025 article entitled “SEC Ends SolarWinds Suit After Major Legal Setbacks” (https://tinyurl.com/3a4a2b25) included these comments:

 The U.S. Securities and Exchange Commission, SolarWinds and CISO Tim Brown asked a federal court in a Thursday filing to end the case with prejudice, closing litigation that grew out of the 2020 Russian-linked espionage campaign - and a 2023 enforcement push that analysts said alarmed the CISO community. The dismissal comes after U.S. District for the District of Southern New York Judge Paul Engelmayer in 2024 stripped away most of the SEC's original complaint, including all claims tied to events after the public disclosure of the hack and key theories treating cybersecurity operations as internal accounting controls under securities law.

Brown, who had been one of the only CISOs ever named personally in a securities fraud case tied to a cyber incident, celebrated the outcome in a LinkedIn post, writing: "It's been a long road and I'm glad it is finally over."

"We did nothing wrong and fought relentlessly over the last three years to prove that," he added, praising SolarWinds' leadership, his legal team and the security community for backing him as the case unfolded. A spokesperson for SolarWinds said in a statement that the company was "clearly delighted."

It’s about time SolarWinds got resolved!