@iamthatis That's a good catch and very telling. There's a reason why everyone has been scratching their heads as to how did a programming bug make it past code testing. Interesting how CrowdStrike is also not agreeing to the "Null pointer" findings on the X but not sharing the real root cause either. And the way they are not coming out in the open with full disclosure hints at a cover-up and biding time to build up a plausible narrative. If anything, they are sticking to their Incident Management Playbook which generally permits waiting for anywhere between 7-30 days for public disclosures.
What is surprising is that the people around me as well as ones working for other businesses aren't considering moving away from CrowdStrike and saying things like, what else would we use etc. So, they are willing to give one to CS, thinking it as a one-off incident. It might be different for airlines and hospitals but I know that one can't just rip and replace security software without some disruption, and the visibility/capabilities CS provides might offset the damage from this outage. I say this because the security is now very important topic at board level with C-suite representations and they have vested interests in bringing in ever new invasive tech for greater visibility and risk mitigiation.
So, it would be very interesting to see how this one pans out.
What is surprising is that the people around me as well as ones working for other businesses aren't considering moving away from CrowdStrike and saying things like, what else would we use etc. So, they are willing to give one to CS, thinking it as a one-off incident. It might be different for airlines and hospitals but I know that one can't just rip and replace security software without some disruption, and the visibility/capabilities CS provides might offset the damage from this outage. I say this because the security is now very important topic at board level with C-suite representations and they have vested interests in bringing in ever new invasive tech for greater visibility and risk mitigiation.
So, it would be very interesting to see how this one pans out.