These kinds of discussions are between corporations who have defined SLA's that specify things like reliability, uptime, etc. It's likely this outage breached this agreement so the lawyers of the companies are discussing internally and behind closed doors. This kind of thing doesn't get reported on in general.
this post was submitted on 06 Oct 2024
201 points (98.1% liked)
Asklemmy
43531 readers
1882 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy π
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
And it might be years before the full fallout is fully litigated.
The gears of justice grind slowly but finely.
At least thatβs what would happen if an experienced hacker did the same thing.
If you ignore the context of a massive company doing an oopsie daisy and a malicious hacker intentionally trying to cause the same disruption, that makes sense. Fortunately, most people are aware of the difference.
They will most likely either be sued or have financial repercussions, although there realy isn't a replqcement waiting in the wings if they went down. Plus they have had a pretty solid reputation for years, so an occasional oopsie is going to happen and as long as it doesn't happen repeatedly it is likely to be forgotten about in 6 months.
Heck, I wasn't even impacted because my work laptop was off and it was already sorted out before I turned it on that day.
If I had to guess there would be, at the very least, some businesses that used their business continuity insurance.
Those companies, after paying those claims, will probably be expecting reimbursement or preparing to sue crowdstrike to recoup those costs.
And likely Crowdstrike will have their own insurance. At the end of the day, itβs just gamblers sitting at the table, moving the chips around.
Well, for one, it's not known as "BSOD day" by any other customers that I know of. For two, there are contractual obligations, which prevents businesses from immediately pulling the plug and depriving them of funds, or from having knee jerk reactions, depending on your perspective. And finally, in just my own opinion, no other alternative solution provides a more compelling case for risk reduction without the same potential compromises even given the faulty deployment methodology that CS used. Sad, but true in my experience.
Needing kernel code for security sucks, don't have better options right now, encourage startups and take risks on them instead.
Sadly Iβd say Cylance has a feature-complete alternative to Crowdstrike but Blackberry has done everything possible to not promote the product.
There are lawsuits: https://techcrunch.com/2024/09/02/crowdstrike-faces-onslaught-of-legal-action-from-faulty-software-update/
These things will probably take years to play out.