#discussion-azure-ballroom
2024-07-22
Jim Moverley 07:07:42

Discussion point: It was fascinating to see the tech community's reaction to the CrowdStrike outage last week - a good majority pointing at supply chain security 😮 rather than continual delivery practices. Moreover, I can imagine MANY tech leads are in the hot seat to explain why it wasn't mitigated... Defects come in all shapes and sizes - but the classic response and long-term handling need management. This situation reminds me of textbook security complacency with the following human behaviour timescales:
• 0-3 months: heightened vigilance
• 3-6 months: declining awareness
• 6+ months: complacency sets in

👍 6
Randy Hinders 13:07:25

It has been fascinating to watch. Luckily we were not impacted. However, looking at the details, I think a lot of companies will look at how third-party add-ons are 'auto updated' in systems. Hopefully there will be a way to do red/blue deployments for these types of applications. Apply to a couple of machines first, wait a few hours/days before deploying to the rest of the farm/systems.

👍 1
Gerald Benischke 11:07:40

I don't know; as I understand it, the problem was triggered by the equivalent of a virus definition update, rather than an agent update. Doing that slowly or in stages will undoubtedly lead to an incident where people get zero-day ransomwared because CrowdStrike didn't push out the update quickly enough... which then will lead to a clamour of "why didn't you update quickly enough" 😉

👍 1
Jim Moverley 06:08:42

It's a great point @gbenischke - reminds me of "Die Hard" where they trigger a known response to favor the situation of exploit (FBI cuts power to the building...)

😂 2