Learning from CrowdStrike’s quality assurance failures

2024-07-25 09:52

The PIR is a bit confusing to read and parse, because it attempts to assure readers that the company carefully and comprehensively tests their products - even though the company's failures on that front are obvious.

CrowdStrike has implemented an update architecture that only rigorously tests some of the updates sent to clients.

CrowdStrike should be properly testing every piece of code that is sent to client machines.

CrowdStrike has committed to more types of validation testing, with an emphasis on the Content Validator and Content Interpreter, which reside on customer's systems.

CrowdStrike should commit to conducting more rigorous testing in their in-house Quality Assurance pre-production environment or the Content Configuration System, which resides in the cloud, before it reaches any client systems.

The CrowdStrike incident of 2024 will be referenced in the future as a major failure, but we can use it as a catalyst for learning and adapting, to make our digital world more secure, private, safe, and reliable.

News URL

https://www.helpnetsecurity.com/2024/07/25/crowdstrike-quality-assurance-failures/

#crowdstrike