News: 0175124291


CrowdStrike Overhauls Testing and Rollout Procedures To Avoid System Crashes (securityweek.com)

(Tuesday September 24, 2024 @05:25PM (msmash) from the ray-of-hope dept.)


[1]wiredmikey writes:

> CrowdStrike says it has [2]revamped several testing, validation, and update rollout processes to prevent a repeat of the embarrassing [3]July outage that caused widespread disruption on Windows systems around the world.

>

> In testimony before the House Subcommittee on Cybersecurity, CrowdStrike vice president Adam Meyers outlined a [4]new set of protocols that include carefully controlled rollouts of software updates, better validation of code inputs, and new testing procedures to cover a broader array of problematic scenarios.



[1] https://slashdot.org/~wiredmikey

[2] https://www.securityweek.com/crowdstrike-overhauls-testing-and-rollout-procedures-to-avoid-bsod-crashes/

[3] https://it.slashdot.org/story/24/07/19/0943232/global-it-outage-linked-to-crowdstrike-update-disrupts-businesses

[4] https://www.securityweek.com/crowdstrike-overhauls-testing-and-rollout-procedures-to-avoid-bsod-crashes/



bets it'll happen again anyway? (Score:1)

by BardBollocks ( 1231500 )

the old, bittervet in me has seen failures like this too many times to trust....

Question (Score:2)

by The Cat ( 19816 )

How many senior managers have admitted responsibility and resigned?

I'll take a wild guess and say "none."

Very wise (Score:2)

by GeekWithAKnife ( 2717871 )

Change testing and rollout procedure to avoid system crashes. Brilliant. Just unlucky that there wasn't some kind of a plan to introduce testing and procedures to avoid system crashes to begin with, eh?

tweaks to provide customers with additional contro (Score:2)

by Joe_Dragon ( 2206452 )

just tweaks?

What about stuff like

rollout groups?

per system install time windows?

Sure... (Score:2)

by Gravis Zero ( 934156 )

This would have been an excellent decision if they had made it about a decade ago. Instead this is merely damage control and PR.

Overhaul all you want (Score:1)

by RitchCraft ( 6454710 )

Overhaul all you want, the cat's out of the bag now. Just a matter of time before this threat vector becomes used more and more. Windows needs an enema!

In related news (Score:2)

by RightwingNutjob ( 1302813 )

The Department of Education is still dealing with the online FAFSA fuckup from last year, and anyone old enough to be reading this probably remembers the ObamaCare marketplace rollout from a decade ago.

Seems that software is still hard. More so when you think you can powerpoint your way to success.

Easier solution (Score:2)

by MachineShedFred ( 621896 )

I found the easier solution to make sure that Crowdstrike can't fuck my entire network and company, is to just not run Crowdstrike.
