There should be congressional hearings on this. Not just post mortems.

Honest question: would you expect Congress to respond in a way that's a true net-positive?

No, but its a warning to the next guy/megacorp:

Don't do that, or you'll be dragged before the greatest obnoxious and self-aggrandizing body in the world for lengthy dressing down that probably affects the stock price.

I don’t think a cybersecurity company can take down half the US and not release a postmortem

Of course, but we specifically would like to see a _technical_ postmortem that examines what kind of incremental rollout procedures they have and how this update overcame those.

Or... you know... This kind of software should be open source or companies using it should at least be able to audit the code themselves.

Supposedly they have all kinds of certifications but not even having basic QA demonstrates that this is all just a smokeshow: https://www.crowdstrike.com/why-crowdstrike/crowdstrike-comp...