[DiffEq]

These people were talking about this 4 years ago:

https://www.reddit.com/r/crowdstrike/comments/ie8wos/sensors...

...but honestly these types of bugs have been inherent in software since day 1. We have had canary deployment models also for ages - so for this to happen tells us some things about the IT administrators of these companies that were impacted.

I don't think CrowdStrike bears much of the fault here. I recall this similar thing happening with Norton in the early 2000's and many others since then.

[phone_book]

Check out this Reddit comment (not mine)

https://www.reddit.com/r/crowdstrike/comments/1e6vmkf/bsod_e...

Quote: "Multiple sensor versions apparently. I checked we haven't received a sensor update since the 13th so it must be something else they're updating to cause it. So much for our Sensor Update Policies avoiding things like this..."

Edit to add: Based on the Reddit comment and this thread, https://news.ycombinator.com/item?id=41004103, I would put this on CrowdStrike doing something that was unavoidable by the customer (CrowdStrike could have avoided this). But maybe there are some customer settings that could have prevented this.

[wobfan]

IMO the fault lies 100% at CrowdStrike. The software does not only run on mission critical systems, but also one such systems, where a automatic update is okay and even wanted, where the operators maybe just don't have the capacity to run tests before that. Many people trust CrowdStrike, and yeah, sure, everyone should do tests before updates in a perfect world, but in reality (as we now see) this is not always the case. Not because people are actively sabotaging themselves, but often the priorities are somewhere else, that's why they are using high-quality software, and trust their automatic updates to not cause a total blackout.

I install software -> PC crashes and can't recover itself -> it's the Software's fault. Sure, I could have prevented it, but this doesn't change who's at fault.

[observationist]

Crowdstrike bears the responsibility for the effects their product has on the world. Firms have the responsibility to use canary deployment and other practices to mitigate the potential harms third party products might cause.

Crowdstrike deployed a flawed update resulting in widespread harm. They are responsible for that harm. Companies failing to mitigate that harm through responsible preventive practices are also at fault.

Nothing will change. The people in charge of purchasing and deploying enterprise scale kabuki security software like this aren't interested in accountability or real world efficacy, it's entirely about crafting a narrative sufficient to remain employed. The game isn't security or practicality - box checkers gotta check boxes.

[asplake]

Should CrowdStrike themselves not follow a canary deployment model?

[dwheeler]

Crowdstrike released a change that should have been caught by automated testing. That does require an explanation, I think, and a change to prevent recurrence.