by hsbauauvhabzb 697 days ago
But at the same time, auditing every update to an assurance level beyond ‘it didn’t bsod in test’ is incredibly hard.

I don’t disagree with anything you’ve said, but I’d be very interested in solving the problem of actually auditing constant updates from vendors.

3 comments

Even a rudimentary “delay autoupdate by two weeks” would have saved lives here. Let everyone else update first.
Automated CI/CD - many of us already do this hundreds of times a day. If you’re an emergency call centre, join a consortium of similar orgs and standardise tech and do it properly.

Defer updates. Most things can wait 8-12 hours. Even more can wait 3 weeks (did this for all but security-critical npm package updates in one place).

Demand legal changes to ensure fair liability for failure to undertake basic measures by service providers for paid software and services. Demand proper liability for C-suites not ensuring that actual risk management is in place instead of stupid box-ticking.

Design better software. Seriously, the kinds of half-baked stuff that costs so much is incredible. It doesn’t take longer, and it doesn’t cost more to do things right, the only change is that management needs to be engaged with outcomes and have skin in the game. Execs should run the risk of going to jail for egregious failures.

Staged releases. Don't cripple all your systems in one go. Hot backups that you only update after the main system isn't dead from an update.
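A ring-based, bake-gated rollout policy along the lines the commenters describe (delay autoupdate, shorter delay for security-critical updates, halt if an earlier ring breaks), as an added Python example that is not from the thread or any vendor's tooling; the ring names, bake periods and the failure counter are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed rings and bake periods: each ring waits for the previous ring to run the
# update cleanly for this many hours. Values are constructed, mirroring the thread's
# "8-12 hours" and "two weeks" suggestions; tune them per organisation.
RING_ORDER = ["canary", "pilot", "broad"]
BAKE_HOURS = {"pilot": 12, "broad": 24 * 14}
SECURITY_BAKE_HOURS = {"pilot": 2, "broad": 8}   # still deferred, just less


@dataclass
class Update:
    version: str
    released_at: datetime
    security_critical: bool = False


@dataclass
class RolloutState:
    applied_at: dict = field(default_factory=dict)  # ring -> time it applied the update
    failures: dict = field(default_factory=dict)    # ring -> crashes observed since


def should_apply(update: Update, ring: str, state: RolloutState, now: datetime):
    """Return (decision, reason) for whether `ring` may take `update` right now.

    The canary ring applies immediately. Every later ring waits until the previous
    ring has run the update for the bake period, and the whole rollout halts as
    soon as any earlier ring reports failures (the "let everyone else update first"
    rule, made explicit)."""
    if ring not in RING_ORDER:
        raise ValueError(f"unknown ring {ring!r}")
    idx = RING_ORDER.index(ring)
    if idx == 0:
        return True, "canary ring applies immediately"
    earlier = RING_ORDER[:idx]
    if any(state.failures.get(r, 0) > 0 for r in earlier):
        return False, "halted: failures observed in an earlier ring"
    prev = earlier[-1]
    if prev not in state.applied_at:
        return False, f"waiting for {prev} ring to apply {update.version}"
    bake = (SECURITY_BAKE_HOURS if update.security_critical else BAKE_HOURS)[ring]
    ready_at = state.applied_at[prev] + timedelta(hours=bake)
    if now < ready_at:
        return False, f"baking in {prev} ring until {ready_at.isoformat()}"
    return True, f"{prev} ring healthy for {bake}h"
```

Feed `failures` from whatever crash or health telemetry you already collect; the policy is only as good as that signal.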