350
submitted 5 months ago by jeffw@lemmy.world to c/technology@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] Technus@lemmy.zip 204 points 5 months ago

No validation, in the driver or the updater software.

No validation or automated testing on publish.

No staged rollouts.

Just utterly irresponsible all around.

[-] boatswain@infosec.pub 47 points 5 months ago

A coworker of mine has worked with CrowdStrike in the past; I haven't. He said that the releases he was familiar with from them in the past were all staged into groups and customers were encouraged to test internally before applying them; not sure if this is a different product or what, but it seems like a big step backwards of what he's saying is right.

[-] ramble81@lemm.ee 53 points 5 months ago* (last edited 5 months ago)

I first dealt with them at least 10+ years ago and at the time they had no ability to do staged roll outs or targeted roll outs. We got updates when they said we did, no choice or control. We had to resort to updating our firewall to restrict the download endpoint and only open it in groups to do a phased update.

[-] boatswain@infosec.pub 13 points 5 months ago

Interesting! Sounds like they may have changed things a few times, or maybe my co-worker's memory has some gaps.

[-] BearOfaTime@lemm.ee 2 points 5 months ago
[-] SupraMario@lemmy.world 10 points 5 months ago

Channel files are different from sensor updates, which you have no control over for version control. Sensor releases you have control over.

[-] boatswain@infosec.pub 2 points 5 months ago

Ah interesting, thanks!

load more comments (11 replies)
this post was submitted on 21 Jul 2024
350 points (97.8% liked)

Technology

59997 readers
2571 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS