I read the #crowdstrike RCA document.
There's one thing that people are overlooking - CrowdStrike's forthright response and assumption of responsibility. They identified the mistake, they owned the mistake, they did everything they could to fix it right away, and looked for multiple ways to fix it. They then did a write-up of exactly how they dropped the ball.
People can make fun of the Uber Eats gift card fiasco, the $5000 drawing to one customer, and the infringement takedown attempt against ClownStrike. Every one of these moves was boneheaded.
Their response to their mistake, dealing with it, and being open about it, is exactly what we should be wanting from security vendors. Any vendors.
Too often vendors will play the blame-someone-else game. Too often when I have issues, they try to blame me. I had a cloud SIEM try to blame issues on my ISP throttling bandwidth, when the ISP is AWS. And I've had to repeatedly put together evidence to back them into a corner to prove it's them. CrowdStrike owned the mistake.
#infosec
https://www.crowdstrike.com/wp-content/uploads/2024/08/Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf?mkt_tok=MjgxLU9CUS0yNjYAAAGUx25bKgUDwXDbBXNQ_kM7AINLovUUmhLsxIOMR4PE94hlqpQMYc85WObgfx5SiixFkLAcseGFulehjbC7YB0YdN_RvxE44MfcuFkTTrX-ZXW9m4r3