CrowdStrike Hopes Legal Threats Will Fade As Time Passes (theregister.com)
CrowdStrike CFO Burt Podbere says the cybersecurity firm has not faced lawsuits over July's global IT outage. Speaking at a conference, Podbere emphasized efforts to shift customer focus from legal threats to business discussions. The Register: There were dark rumblings from Delta Air Lines last month, for example, threatening litigation over alleged gross negligence. At the time, CrowdStrike reiterated its apologies, saying: "Public posturing about potentially bringing a meritless lawsuit against CrowdStrike as a long-time partner is not constructive to any party." During his time at the Citi conference, Podbere admitted: "We don't know how it's all going to shake out.
"Everything we're doing and trying to do is take the legal discussion away from our interaction with customers and move it to the business discussion. "And as time goes on, that does get easier because we're moving further away from the Sun, right? And that's how we think about it."
can't see how the meritless line stands up (Score:4, Informative)
"Public posturing about potentially bringing a meritless lawsuit against CrowdStrike as a long-time partner is not constructive to any party."
How can they say it is meritless? By their own admission they failed in basic security and testing. Crowdstrike, when they go into organisations, spruik their ability to do security better and safer than Microsoft/Linux/Apple et al. Turns out they have processes that were frowned upon even 20 years ago, with poor testing/development and deployment practices.
Re: (Score:2)
YES. And if they do get off, it shows there's no real ability to hold corporations for software failures. That would be A Bad Thing for customers/users, even if it's the preferred result for software vendors.
Re: (Score:3)
And if they do get off, it shows there's no real ability to hold corporations [accountable] for software failures.
The damage done far exceeds the company's ability to pay out of its cash flow. It isn't plausible to make everyone whole.
Lawsuits will burn up a huge amount of money by all the litigants, meaning everyone receives less as the costs rise and the pie shrinks.
The outcome of most lawsuits is that the lawyers win, and everyone else loses.
Re: (Score:2)
To be fair that is Crowdstrike's problem
Nope.
If I owe you ten dollars, that's my problem.
If I owe you a billion dollars, that's your problem.
Re: (Score:2)
Their customers are slowly realising, at the MBA level, that the problem isn't really at Crowdstrike's end.
Irrespective of what Crowdstrike failed at, the fact that Crowdstrike was able to simultaneously impact so many customers instantly is an indication of infrastructure shortcuts at the customer's end. And those shortcuts might be more a M$ problem I suspect.
Re: can't see how the meritless line stands up (Score:2)
Clownstroke failed at input validation.
If you do anything other than blame and mock them for that, you are part of the problem.
Re: (Score:2)
Whatever they failed at is kind of irrelevant though. I think that's what is finally sinking in.
Re: (Score:3)
I think it matters a lot. This is really basic competency stuff and they want to be in charge of security, and use a direct kernel interface? Even if Microsoft did provide a reasonable API for doing what they are doing, odds are good that if they screwed up badly enough with it they could still cause severe problems with the system up to and including abnormal termination. I am happy to throw Microsoft under the same bus, but they still have to go down.
Re: (Score:2)
"Gross negligence" is the legal term that would apply here.
I think Delta was down for something like 4 days though, when it should have been 1 day if they had any kind of contingency plan. So they might end up getting a quarter of whatever they ask for. And I think they will ask.
Re: (Score:2)
Yes, there is negligence. But it ain't Crowdstrike's negligence that allowed them the free roaming.
Re: (Score:2)
My understanding is that CrowdStrike has (among others) a rollout process specifically designed to address immediate active threats. This rollout is ultimately owned by CrowdStrike as part of their product.
The problem is that they didn't have a testing process even close to being commensurate with that extreme of a rollout -- "roll out everywhere now!" is incredibly dangerous, even (especially!) for updates that are only "configuration", and while they did have some automated testing those tests didn't incl
Re: (Score:2)
That's not their job though, is it? The customers should be validating their own deployments.
Re: (Score:2)
They also failed basic software engineering. Only an utter incompetent does not validate all assumptions about the input.
Wishful thinking. (Score:2)
Yes, I also hope all my problems will go away if I just ignore them.
Hope is not a legit strategy, or tactic. (Score:2)
Hope isn't something to be building strategy or tactics on.
"Hope for the best, prepare for the worst."
So.. rig for the worst. Lawyer up. And hope, for your sake, that discovery doesn't find untoward things.. and the top-floor execs may consider starting to pack parachutes, if they haven't already.
trust and customers too (Score:2)
Legal threats, trust, customers, CrowdStrike does not need any of those.
You don't get to crash customers' businesses (Score:2)
Re: (Score:2)
Not for much longer. The economic damage these cretins are doing is getting larger and larger.
That's some mighty fine wishful thinking there (Score:2)
Translation: (Score:1)
"We're going to the Dark Side"
Once again, a translation from Bizspeak to English (Score:2)
"Public posturing about potentially bringing a meritless lawsuit against CrowdStrike as a long-time partner is not constructive to any party," according to CrowdStrike's CFO. This may be true. However, a lawsuit against CrowdStrike by an aggrieved partner might very well prove its merit by helping said partner recover from damage caused by CrowdStrike's defective software update. Hitting these vultures hard where it hurts, right square in the bottom line, might have the added bonus of encouraging other c
As extremely as they have screwed up... (Score:4, Insightful)
There really is only one choice: Leave them behind. Whether there is a possibility to get compensation for negligence that could not get much more gross is a question for the lawyers. For the engineers, blacklisting CrowdStrike is the only sane choice.