The CrowdStrike Crisis Proves The Software Industry MUST CHANGE

So in summary, their code didn't check inputs, their unit testing didn't check invalid inputs, their integration testing didn't check for all deployment configurations, their release strategy didn't canary test reliably, and their management continues to prioritise cashflow over code quality.

"The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at and repair." - Douglas Adams

About 6 or 9 years ago I heard a VP say, "Why do we need QA? Why can't developers just not write bugs?" She was basically laughed out of the room. In the years since software companies have totally abandoned the role of QA to the point where a basic null pointer can shutdown the airline industry because no one can be bothered to test kernel-level code updates.

Yet, they automatically decline job applications from experienced software engineers that happen to be 40+ years of age....

The clusters of competence vanish, be it Boeing, NASA, and IT.
The beancounters rule.
I lost count of how often I told the management that "I do not ship sh.t"
I lost the job, the software was a beta, and 80% ended in disaster, the other 20% went live with a 500 to 1000 percent budget overrun
Crowdstrike did not perform canary testing, I ask why

We just had the 737 max. That is engineering 101 with robust standards around it.
As long as regulators refuse to require someone to put their name on it, aka a P.Eng stamp, and treat it like every other critical branch of engineering, this will continue.

Ironically, the bug also illustrates one of the key problems in defining "malware": that developer intent is irrelevant to the functional effect of malware and/or software bugs.

According to Crowdstrick's own incident report, the update that caused the issue was never tested on an actual Falcon sensor. It was only verified by some sanity check software called a "content validator" that had some "bugs" and didn't detect the problem. The first time the faulty configuration file was actually used, was in a customer system... and it crashed. it is inexcusable that a software company could release an update to their customers without actually testing it on a real device. Crowdstrike should be held accountable for the financial loss,

I suspect this might hide a darker secret. They might have had a serious vulnerability that might have been already in play and they rushed to fix it and release the fix as soon as possible, which probably meant they skipped a few steps like testing.

Small correction: Usermode is indeed sometimes called ring 1 but incorrectly so. It is actually in ring 3. Admittedly ring 1 and 2 are barely used but the hardware does support them.

During the CrowdStrike outage, the neighbor across the street had a heart attack and died. His invalid wife, who had an emergency monitor, tried to help him and fell to the floor. She remained on the floor for over 12 hours because the emergency monitoring software ran on a Windows machine. I don't know if there was anything that could have been done for him, but she was needlessly suffering for what was likely someone's cost cutting measure.

Imagine if chip manufacturer made a small bug in microcode of CPU, slightly messing up voltage on cores, so they would degrade with time. That would be a disaster!

When I was coaching at a large telecom company in 2010-2012, I was struck by how much the phone switch code focused on error and failure scenarios to the point that the "happy path" was almost an afterthought! The systems weren't without their problems, of course, but there was a ton of deliberate thought that went into "how could this go wrong". We should be thinking like that with every single line of code we write, IMNSHO.

Been a QA engineer for 10 years now and I can attest to the low level of care businesses emphasise on solid QA practise.
QA has become an afterthought, so the understanding has dropped over time. It’s now resulted in a low standard of QA and testing in the tech industry; but mixed with a need for quicker releases 😬

This is an management problem, developers are powerless to change this.

This crisis proved that commentators who positioned themselves as experts in software development had little knowledge of system software development. I was surprised as people with titles of former principal engineers or PhD in computer science didn't have even basic ideas about system programming.

I'm screaming for the last few years. this is an obvious consequence of the way we've been forced to work for years,

I am so tired of this idea that SE (Software Engineering) needs to "grow up" or "catch up to the big boys". Not to discount the massive failure that was Crowdstrike, but its not like Intel didn't bungle multiple series of CPU with a hardware bug. Its not like electronic devices aren't failing all the time, or the car industry never had to do a mass recall. Even Boeing is having issues with passenger planes.
Try to have a Electronics Engineer build a custom made TV for every single different person and you will see the bugs skyrocket as well. Mass production amortizes quality costs. That is the only reason those industries have more "quality". Because the cost-benefit analysis pushes it.
The issue is that 90% of Software Development isn't Software Engineering. We are building custom Apps that are going to run on one single service and are different for another. We are building CSS or some command line tool or some nice to have feature meant to show off. That is programming, that is not SE.
SE has source versioning, design patterns, coding tools, static code analysis, unit/integration/e2e testing automation, CI/CD. If you look at the entire range of processes SE has built, we are way, way above and beyond what other industries have for verification processes. If management decides to avoid or ignore them to cut costs, that is a management problem, not a SE problem. We can have as much quality as you wish, but you need to pay for that quality in time to delivery and engineering time.
And this is exactly what seems to have happened with Crowdstrike, your whole spiel of "push to production asap" devops mantra caused the issue here. Because that is not adequate for a critical piece of software. But management wants to push things fast to "stay ahead of the competition" and "use devops". And here we are.

MS did try to push 3rd-party kernel drivers back into user mode and provide the necessary access via a dedicated marshalling API, but all the AV companies made such a stink about it - claiming (without evidence) that Defender would not do the same and thus have a commercial advantage - that the EU took up their cause and blocked MS from doing it. Thus leaving the situation where access is provided to the kernel essentially on a "trust" basis, which obviously can't be verified by the O/S in cases such as this, despite the requirement of certified drivers, as replaceable code/data is being used.

So let's check something out.
- We all agree there were failures in the QA process. We should probably mention that half the QA team was laid off earlier this year under the pretense of a pivot to AI.
- Crowdstrike claim that these templates are generated by AI. They were even spotlighted by nvidia as a "no code" solution in their convention. Was the original bug an AI hallucination that was not detected correctly by the QA process due to budget and staff cuts related to AI hype?
- Are these ring 0 changes being released untested because there's some assumption that AI is magically free of human error?
I suspect there's plenty of angles in which we should ask ourselves how much of a factor AI hype played here.

As I see it - ring zero shall have a minimal codebase and be updated with care.
Also - if you are an OS maker - don't let ANYONE else into ring zero. A driver can always request access to I/O and memory through defined system calls and the kernel can then decide if it's a permitted access and deny or kill the caller if it's out of bounds.

That describes very well what went wrong at the technical level and the obvious absense of quality control in the release procedure. I think that not much time would have been lost by first releasing the 291 "patch" on a staging host with the OS which most of their customers are running and to monitor a health check. They would immediately have seen the crash. There must be tools for that, even on Windows.
BUT something VERY important is missing here: It seems that there is an agreement between MS and the EU from 2009 who forced MS to have this backdoor for Kernel access. This is because MS was accused of not allowing others to provide security software for their OS because of their own product, Defender.
This acting by the EU obviously ignored the technical problem which we have now observed. So who did not tell the EU which problems this could cause? Did they force MS into this agreement without any technical knowledge? Or who remained silent back then, and why?
On top of that: You sort of mentioned that this software is certified and unchanged because it has this backdoor of importing executable code, so that the thread could not be detected. BUT: How did the software get certified in the first place? Wasn't there any code review or why didn't they detect or report that part of the software which imported arbitrary executable code?
There are three options here:
1) There is technical incompetence just everywhere, including potential technical advisors of the EU and internal techical staff at MS, doing code reviews or similar of potentially problematic external software with unlimited privileges, and not finding this backdoor.
2) People got paid to remain silent or to give misleading technical advice on behaf of people wanting to force MS to provide that access so that others could invade this space with new businesses (taking the risk of the event we have now observed)
3) A complete failure of responsibility. Just an example: I know that there are people doing security audits at the largest and most important data centers in Europe by PHONE, never visiting the place once.
We do have a much larger problem, because we have completely lost control with respect to quality and responsible behaviour, even for critical systems and infrastructure. There are obviously more people to blame for careless acting. It is not wise to always have free competition as the top priority. This thinking is dangerous, even if we think that is has something to do with being fair. It does NOT but encourages exactly the opposite.

The scrum and sprint processes just produce bad code. As a DBA, sprints drive me crazy. Developers develop for the sprint instead of a proper solution. The result is schema that are poorly designed. Instead of proper design what is deliver is something that "works" within a sprint but is badly designed which just continues to compound. Programming with a stopwatch and "sprint" coding just is a bad programing environment. Why, why, do we do this?

There are lots of channels like this where an expert points out the internal issues in any given technical situation but the political, legal and ethical issues are mainly left to someone else to grapple with. Engineering of any type exists within a network of rules, and if those rules allow failure-ism to creep in, disaster is more likely to strike. The failure here is Microsoft's as it allows outsiders to manipulate the kernel. I liken the situation to a railway operator allowing the signalling to be sub-contracted because it will not (or cannot) retain the experts to do the job and the sub-contracted company or companies fail too for the usual reasons. So you end up with cascading failures encourage by limited liability.

I think the answer is cost
Writing and maintaining good quality tests can be expensive and businesses usually prefer spending their money on new features rather than on testing as they usually don't see the value of testing. I believe it's our job as software engineers to not accept this and try to improve practices but it's not easy, until there is a catastrophic failure. That being said some companies will always prefer to take the risk of a big hit some time in the future than constantly investing to prevent it.
Over time it can also happen that reasons why some quality checks were put in place are forgotten and those quality checks are progressively abandoned.
In that regard I don't think that our industry is that different from other engineering industries. Taking the aircraft manufacturing industry for instance, safety practices and procedures are usually implemented after there's been a crash and over time can be loosened or ignored leading to other crashes. However in our industry we rarely think about the lives that can be lost as "we only build software".

It's not a matter of "producing software seriously". It's a matter of *not using Microsoft trash on critical infrastructure.*

It seems the problem is more complex than quality control.

Companies are incapable of doing the appropriate QA because it's always cheaper not to and there is always a competitor that's prepared to take more risks (often because they are unskilled). Customers don't have the know how or resources to protect themselves from this either. It's the whole reason why the construction industry in the UK has building control officers.

The event also showed the weakness in the customers' deployment practices. They all just blindly accepted the code change from CrowdStrike. They allowed their systems to get the update directly from CrowdStrike without internal canaries. Will practices at those companies change? Can they? If the software is written such that it automatically receives updates from the manufacturer's site, can companies protect themselves from such errors?

That's a good point: The failure was not hard to detect ...

There is a huge difference in cost between software that is "good enough" and high quality reliable software. Most people cannot tell the difference until a disaster like this occurs. Very few are willing to pay for all the extra effort. That said, the level of incompetence and/or negligence on display in this fiasco is difficult to comprehend.

The Management at CrowdStrike did not have the backs of their Developers. That is quite obvious from their Root Cause Analysis Report. They basically blamed it all on their developers.

The blame is with leaderships plump with middle managers and VPs who tend the org chart around them like a nest made up of whatever they can access with their missing or dwindling relevance.
Non technical leadership strangles organizations until even the rank and file are coopted into the politics and accounting.
Find the leaders in your org chart who are trying to convert everyone around them into accountants and project managers, and fire them in a hurry.
Then, let the technical people BE TECHNICAL with TECHNICAL PRODUCTS.
🤬

Something incredibly powerful about this failure is that a lot of people in and out of the industry knows about it. This lead to me and people I know starting to use their name to describe critical failures. Like: "They just got Crowdstriked." And people know exactly what I'm talking about.

Crowdstrike seems to have lower quality standards that my group does writing simulation software. What Microsoft needs to do is much more heavily restrict kernel space and stuff like crowdstrike should run in user space.

I fully agree with everything mentioned in this good video.
I would add to it the responsibility of the SW consumers to not deploy SW automatically, but rather run it on a test environment first, and deploy it to production machines in phases.

The wild part is that you are still downplaying the issue. Hospitals shut down, and that always leads to deaths. People (very likely) died because of this.

Entirely too many non IT people making IT decisions.

Crowdstrike has blamed the release of the bug on a bug in their automated testing process that let the bug mentioned here through it's validation. I would guess they they did have sophisticated automated testing before the release of ring 0 updates but their testing process itself had a bug and didn't fail appropriately. For me the more interesting question, is how much do you test your auitomated testing process? Every level of development is important to have rigor and examples like this show how each part of the development process can't be ignored or taken for granted.

The only way large companies will take software development more seriously is for criminal and civil liability to return to the C-suite as well as making shareholders pay dearly after EULAs are invalidated due to negligence.

Uncle Bob, in his one presso, suggested, or predicted, that things will only change in the software industry when there is an event that causes significant loss of life.
At the boardroom level we might be hearing of tales of "From DevOps to DevEx" or GenAI and similar stuff, but those are vague in the extreme and in my mind act as a summary of where minds are at (even AFTER Crowdstrike).

They put out a tech brief of the failure. The Kernel null pointer was a side effect of bad code and a hacked test that hid it. They passed a function an array of 20 things when it was expecting 21. Their testing was limited with mock data fixtures and it treated the 21st object as optional and ignore if its missing. When the function was changed to make it mandatory for a new feature the test and mock data was not updated. It was actually modded to stop failing tests until the feature was ready to test and forgot about it. They had a 1 tier test/deploy strategy. If it passed mock unit auto-deploy it immediately to global CDN, there was never any real integration or live run testing or phased rollout to mitigate unexpected failures. Agile is a failure, TDD is a failure, obsession with type hints is a failure. Whatever methodologies they come up with next will fail too because humans do not run like computers. Now the government is mandating Rust for certain software because some expert told them it would solve all their problems and be completely secure and un-hackable rofl.

Their management speak ridden RCA document should make your eyes bleed with all its obfuscated bad practices, from dev through deployment.

The EU forcing MS to allow kernel access by third party software is like forcing me to allow brain surgery on me by anyone who claims that I need this treatment.
To then certify such a software with a backdoor from a company with low quality standards is like then allowing a doctor for brain surgery on me who has never learned to do this ... and who then brings his students to execute the operation ... because somebody else has found a way how to damage my brain. So they do that to me, whether I like it or not, for my health and without any professional care or precautions in the interest of my survival.

Will it change things? Probably not... that's a sad way to open a video, but I think you're right. What I think it will do is start a lot of finger pointing and then everyone tightens up and becomes risk averse. This might end up improving things after all those storms blow over, so who knows. Exciting times.

Software engineering is an engineering. Obviously. So why we're not regulating it like the other branches of engineering? Why software engineers can work without any certification, why they do not have personal liability for their incompetence? High time software engineering is regulated to the same level as civil engineering or medical professions.

Isolation is the job of OS. No amount of human process can prevent such disaster if the NT kernel is such a PoS without an equivalent of eBPF mechanism of Linux. I'd primarily blame Microsoft for this disaster. It's remarkable that the consumer OSes (Windows and MacOS) are so antiquated compared with modern open source Linux kernel, which invariably will take over the world 😀

"Probably not." The most dark words spoken here. And probably true.

Before 25 years, I studies in my first network certificate MCSA that I should test any Windows update that I will install it in the network computer in a test computer first.
After I make sure that it's OK, and it's not creating any problem, I apply it to the network.
I am surprising today that a company with Billions of Dollars, do not do such simple excersice.!

Crowdstrike certainly epitomized the mantra of move fast and break things

And yet, when I propose a government agency to oversee the software industry, an analogue of the FSIS/USDA/FDA in the US, I get laughed out of the room.

I doubt anything will happen. The same "ah, a very bad thing I don't understand has happened, let's talk about it for a week and then move on" public reaction will occur.

I would be shocked if CrowdStrike existed in 10 years, they will be sued out of existence.

14:08 "An important perhaps central aspect of an engineering culture is to ask the question, 'What could go wrong?'"
Few companies ask this question, because they don't want the detailed answer, because it would mean they have to assign resources to solve those problems. It's much easier for them to never ask that question. Which is why most companies (esp Software Companies) do not have an "engineering culture". But, also, most of them think they do have an engineering culture bec "they're creating software, aren't they?"

Honest question: What do you mean by thorough and fast? How can you be comprehensive without taking time to deeply understand what is going on? Most situations I have been in, although limited, have been met with a large amount of learning needed to understand and be able to make informed decisions. In consulting, this is very difficult and most client don’t understand that it takes time to be helpful because their mess take a long time to untangle.

A file that only contains zero-bytes is not programmed by accident or even produced by some software. The lack of a checksum test before using a downloaded file is the main defect. Most likely, the file got corrupted when transferring it from the CrowdStrike facilities to the downloading site. When copying a file, the receiving end allocates / memory maps the right mount of bytes on the file storage, before receiving the bytes and writing them into the file. Another process copied that file before even the first byte was written to file. Transfer via network takes time, but copying a file locally is fast.
I am sure that CrowdStrike did the right programming also extensive testing. But the distribution process was never tested.

I've been using Linux for 18 years and I have
Never had a blue screen or a black screen
Error.. if something goes awry, the system freezes and I just re boot and go back to where
I STARTED.

I believe, the moral of these incident is it will happen again and again.
It is just the true nature on our society and economic world wide keep depending on more and more the our digital technology. Errors will slip through in my opinion.

I loved the end when you started to ask all those hard questions like where was the canary, etc
The crazy part is, if you have real experince, it's easy to set up the SDLC such that you get 80% there with little effort.
They probably put into it 300% effort to get 30% there. Testing wrongly is easy. Testing ineffectivly also. Or testing doubly.

Crowdstrikes kernel module should have reverted to a working checkpoint after crashing. Windows kernel should have reverted to a working checkpoint after crashing. Kernels should use 3 rings of security so that there is the userland, kernel, and executive so that errors in the kernel don't crash everything.

Amazing Video!. I think we can deal with these problems using fault tolerant or redundant systems like the Voyager software which is 50 years old but has .... redundancy

The big issue is:
It is not safe to use Windows across a network
Or on the internet. Sandbox everything and
Use a Virtual Machine.

Looks to me, that at least a little bit of testing should have revealed this issue. Probably they rushed this out without proper testing or there was confusion with the files tested and the ones finally released. However, this is a risky driver design, they should consider running as much code in user mode as possible.

Scrum and Agile have turned software engineering into a back-whipping sweat shop where performance is judged by velocity and story points. Meanwhile, the product owners try to cram as many features into a release as possible while the scrum masters “babysit” and ask the same obvious 5 questions every standup. “What’s taking so long? What blockers do you have? Can I help? Have you asked for help?” YES. End the damn meeting so we can get back to work. It’s maddening. “Squeeze the blood from the rocks”.

18:22 I really really really hope that there are no nuclear power plants running on Windows. In any way shape or form.

As long as companies aren't heavily penalized by governments and C-level execs and middle management (both of whom are usually responsible for engineers cutting corners) possibly facing prison sentences for severe issues like what we saw at crowd strike, there's no incentive to change things.
Because obviously, the free market is full of companies that produce rushed, buggy software. So it's not like you have the choice to go with a company that's maybe a little more expensive but emphasizes quality. (Which reminds me of how larger organizations often seem to pick who gets a contract. Total cost. That's it.)

So, CrowdStike had a hack that allowed them to write Ring 0 code with processes only suitable for Ring 1. Great idea. Then they had no way to undo the inevitable failure. And they didn't test the code.
I will be sorely disappointed if they won't be hit with malpractice / negligence law suits that will bankrupt them.

Maybe the IT industry should think more about giving a third party unfettered control over all their hardware, especially when the CEO of said company has presided over similar lapses in policy in the past.

Bugs will happen, but there's no excuse for releasing them.

This video has some wrongs.
There is no code in their sys files, only data.
There was at least 2 bugs in their validated ring 0 code that was released back in february. And the data of the sys files released in july triggered the bugs. So the issue is not in the architecture, but on the code and lack of proper testing. They lied about e2e testing, since their tests only tested mocked data, not the actual sys files released to production.

i have never understood why medical devices are running windows. somebody, explain it to me please 😢

291, the new number of the beast 😈. Nice vid. I’m not sure that the occurrence of this event means there is a problem in the industry. It’s just a one off by a company that should have known better given the high risk status of their code. If there was a problem in the industry then we’d see this happening more often. I suppose there could be near misses that we’re not aware of, but at least now that this has happened, it will make people sit up, take notice and hopefully force a bit of navel gazing and correction. I do hope that crowdstrike are forced to pay compensation to all affected clients even to the point of making them bankrupt. That will send a clear message to other corporations that have bad practices intended or not , that this is not acceptable.

I really want to know what conversations Microsoft is having with Crowdstrike.

@Continuous Delivery Hi Dave! I think your channel is awesome! But I'm having one question. On one side, I see you're suggesting we should be doing all kinds of tests, performance tests, stress tests, all kinds of stuff, which makes sense! But on the other hand, I'm hearling about working in agile way, and actually only solving problems of user (for example based on user stories). If I'm developing a software for a small-medium company, which doesn't really care much about few minute downtime or slower applications; do you think I should still worry as much about performance and stress testing?

A slightly more charitable explanation is that the proper 291 patch was tested, dogfooded, etc., but that the package that was actually pushed was not the one tested.
If there is an internal format, like a zip file that gets all the scrutiny, and then there's a final packaging that created the nul bytes version, it could explain it.
There's still no excuse for not testing that final version, though.

"Probably not"
We have had many, many SW disasters before. At least this one (probably) didn't kill anyone.

What is the difference between adding new code to ring 0 and just having ring 0 code read and use data that is invalid (e.g. making the ring 0 code looping forever and being stuck while holding some fundamental lock)? What about making a mistake in considering some activity as suspicious because of a new rules file, and blocking something fundamental for say use the network? You get a bricked system anyway, impossible to fix without physical presence.
Code signing buys very little even when not cheated... data is very powerful too.

Too much need to keep changing is what broke it. It needs to be frozen and then pruned clean so little change is needed. Pruning out whatever forces further change.

is there an update on why the delivered content files contained all but zeroes??? makes me think something in transit must have gone wrong. you can have a perfectly working pipeline but when the artifact gets altered after the fact the pipeline must be extended to cover the new possibilities to modification of an pipeline artifact

Come on bro, they were continuously delivering.

The testing process is actually flawed if you don't have tests for things that can happen. Why did nobody pass it a corrupt patch file in testing? If they had done that they would have realised. It's attention to detail and thinking about ALL possibilities.

Ring 0 and ring 3 - not ring 1. The Windows operating systems implement user mode as ring 3. Even on hardware that supports ring 1 and 2, Windows only implements ring 0 and 3. Windows NT was a little before my time, but I’ve read that is where the precedent of only implementing 2 of the 4 modes comes from.
I’ve worked for big AV companies and I find it astonishing that this issue wasn’t caught before being shipped. I suspect that there is more to the story than “they don’t test drivers before being shipped”. Of course they do. It makes more sense that this was a bug, in the driver, that went undetected. It probably existed for quite some time.
My understanding is that it was a data file, a file that was supposed to contain the “description” of malicious file (if it was something like traditional AV) or malicious behavior (if their PR hype is to be believed), but the automated process that generates these data files generated something that was empty. Should they have detected an empty data file before shipping it? Yes, they should have. Should they have identified the bug in their driver? Yes, they should have. Is it reasonable for us to expect CrowdStrike, or any software company, to produce software with zero bugs? No, it is not reasonable. Moreover, it is not possible.
Dave, I’ve really enjoyed your video and your channel. I tend to agree with you on almost everything you teach. On this one, I think that you are mistaken about what we observed means. Certainly, as engineers we should strive for safe, sound, repeatable, maintainable, and deterministic work product; however, which engineering discipline is perfect. Ask Sally Ride if those rocket scientists never make a mistake. Tesla practices the methodology you preach, and I think their engineers and QA team are top notch, yet they have had issues. I believe it was a software issue related to regulating current that led to many of their cars catching fire (I might have the details wrong there, but it is indisputable that they were catching fire).
This incident is not an indication of an industry that doesn’t take their discipline seriously. Like exploding rocket boosters on the space shuttle or battery powered cars burning in the street, this is just an unfortunate tragedy. Like those other issues, we will examine what happened and take measures to ensure it does not happen again. Alas, without fail, there will be another incident. Because we are human.

I think there is another potential explanation of how this happened than dereliction of duty. Uncomfortable as it is to consider, it is also possible that the patch was released intentionally as an exploit, for a nefarious purpose that we currently aren't privy to.

lol: INTRO: "PROBABLY NOT !" like literally what went through my mind when Dave sad it as well..
we humans don't even care about our environment ! why would we care about SW quality if people keep buying our products anyway....

CrowdStrike was all about the 💰 🤑 💸.
It's deplorable that these companies still
Have no Linux machines in-house. Server
And cloud operating systems are FREE...

I hope someone from the inside of the company tells us what exactly went wrong. I guess that it has something to do with automating testing of code so it probably did pass some tests and then the failure of the automatic tested was not picked up.

The CEO learned nothing (again), and the PR department will dance until the bad publicity dies down. The courts are too technology-ignorant to apply significant (if any) punishment.
It's telling that the board hired this CEO after his CTO performance at McAfee.
None of this is rocket science. However, it does cost money. As long as the damage done costs someone else money (and not them), the minor fines (if any) will be considered operating costs.
See every data breach ever.

Microsoft certified that backdoor. This is entirely a Microsoft failure, as they've proven their whole certification process to be inept.

Quite often the tests are also software, but who tests the tests? I'm afraid that in practice a lot of it just relies on the low probability of tests consistently breaking in a way that would allow them to pass unexpectedly.

In my career working at multiple companies as an embedded software developer I found one thing always remarkable. And this is the difference between software and hardware engineers. Hardware engineers are generally much more detail and responsibility oriented. Designing, analyzing, simulating, measuring, testing, optimizing again and again and again. Documenting each step and meticulous house holding of the processes and their labs. Software engineers are much more easygoing and laid back so to speak. At basically every company it was like chaos vs accuracy... And I don't exclude myself here. But this is also part of the bad quality in software lately imho. While we SWEs routinely played ping pong at the end of the day the hardware engineers pulled their heads together over measurement equipment.

Thanks Dave!

CrowdStrike. FORD Boeing. GM. Harvard Business School management

The main issue is that CIOs/CTOs of companies whose bottom line relies on their 24/7 services are so utterIy incompetent as to decide to invest in an ecosystem that requires changes to ring 0. Not onIy do I think these CIOs/CTOs don't understand what ring 0 or kerneI space even means, they probabIy aIso ignore any advice from the more competent peopIe that they manage.

This video just keep reminding me, "Should we trust any of you software developers or software companies anymore?"
Any software developers or companies want to weight in? Be honest about it, too. Lol.

I get the impression that automated testing IS the problem....

Has he covered the Horizon debacle ?

LOL. Cloudstrike is to be blamed for bypassing security controls and best practices. Cloudstrike can not be considered as a security company anymore, just another money making machine.

I release (or at least used to) untested code all the time. Nothing interesting ever happened even if a bug was introduced... Tho, decoupling and error boundaries where respected.
Testing will NEVER ensure a resilient bug-free code.
If you isolate your sub-systems you don't need each of them individually to be resilient or bug-free.
Testing implies someone with a big wrinkled brain to ask the right questions.
Isolation requires someone with IQ80 or manager with a marker to draw a thick black line.
- But testing as a design tool and an assurance for not repeating the same mistakes over and over is priceless.

User mode is ring 3.

We have to boot out the bloody MBA's out of IT and Software.