by jollofricepeas 690 days ago
This will go nowhere.

Generally, if a corporate board has a risk committee that meets regularly and obtains consistent “audits” that demonstrate a company follows its own policies and procedures, then it skates by these shareholder lawsuits.

Crowdstrike may have litigation costs from dealing with impacted customers, but those as well may not lead to significant damages per contract terms.

1 comments

IIRC ISO 27001 requires that you're physically incapable of shipping untested code to production. Since they did just that (and they would've easily discovered this if they had tested it), I'd be surprised if this had no consequences for them.

Crowdstrike claims to be certified: https://www.crowdstrike.com/why-crowdstrike/crowdstrike-comp...