Falkon1313 | 1 year ago

What baffles me is just how many IT personnel in so many organizations around the world apparently just blindly hit the "Deploy this zero-day update to all production systems without any testing" button instead of the "Test this update on our test systems first" button.

Or maybe even just looking up the update online to see whether any problems had been reported before deploying it wholesale across their organizations.

Are these the same IT people whose systems all went offline in the left-pad incident because they 'accidentally' set their production servers to be dependent on a third-party repository?

I've worked at some low-budget places that didn't have much in the way of a vetting process, but even there auto-deploying unknown updates to third-party dependencies into production was always a capital N No.

TiredOfLife|1 year ago

This update bypassed all methods of controlling updates.

newdee|1 year ago

They didn’t. Most orgs run with at least an n-1 Sensor version, with test groups for latest. This was essentially a definitions update pushed by CrowdStrike to all customers, regardless of the deployed sensor version.