As reported last week, it appears that a state-sponsored security hack has resulted in a major security compromise in widely-used software offered by a company called SolarWinds. The compromised software, known as Orion, is enterprise network management software that helps organizations manage their networks, servers and networked devices. The software is widely-used by both public and private sector companies. How should businesses respond to this development, and how should legal departments direct or support this response? The post spells out some of the specific steps that all potentially impacted organizations should consider.