by locococo 688 days ago
I am not familiar with how CS is or can be administered.

As a customer you should not have to assume the software your supplier vends is faulty to the extent of this incident.

It's reasonable for a customer to assume the software is tested according to industry best practices.

CS acted grossly negligently here, and they deserve the majority of the blame.

I agree that some blame also resides with customers; there must be disaster recovery procedures in place to allow them to function with minimal downtime in the case of emergency services.

1 comments

I think the problem with DR in this case is you will need to account for every eventuality of every line of code in every software product you use. Because say, how do you handle the case that your fleet BSOD'd? Usually you'd rebuild them using your BitLocker keys.

But this incident was so deep that the SPOF here was using Windows. So now, your DR plan needs to account for some mandatory percentage of your OSes not being Windows, and your IT staff being maybe Linux experts. Cool.

But can you predict that you need to store your BitLocker keys in both platforms? And can you even do that, or is it one of those things where BitLocker storage has to be on Windows because of lock-in?