Tinker ☀️Jul 19, 2024

So managers are starting to spew the whole "well I didn't do anything wrong, it affected everyone else, so we're not liable" bullshit.

Did you allow a third party vendor to have the highest privilege access to all of your systems AND let them run Remote Code Execution on your systems whenever they want?

You didn't have a test environment set up to test each update or patch that is applied to your systems before you push them to prod? No? Just let it auto-update?

Yeah, that "Risk Transference" didn't work so well as your GRC policy seemed to think it would, huh? I know they're a security company and they SHOULD have tested it, but they didn't, did they?

I know everyone else does it, but if everyone else jumped off a bridge, would you?

Just because everyone else fucked up, doesn't mean you didn't fuck up.

There's gonna be a lot of deep discussions in this post-mortem and hopefully orgs will change. Those that don't will just be hit again... and again... and again.

#crowdstrike

Show threadJohnny Rebel, Antifa Division
@tinker Thank-you, I feel the same about M$. M$ got rid of testers @ 20 years ago. I was at the highest level, 4, and they did it to make more money, and pushed the burden onto the developers, because testing your own code is so foolproof!🤬
Jul 19, 2024 at 11:31pmWeb