There's a long list of incredibly damaging fuckups by software companies, but I can't think of a single example of an existence-ending judgement from litigation.
The biggest reason why billion-dollar software companies continue to release shitty and dangerous products is because they face zero legal liability for their negligence.
>There's a long list of incredibly damaging fuckups by software companies,
Just one example - Fujitsu, associated with the biggest ever misscarriage of justice in England because of bugs in their Horizon software, still going strong...
Great example, but sadly a collective of wronged Postmasters didn’t (at least until recently) have much clout - partly hence the problem.
In the Crowdstrike case, we have multiple major airlines, multiple airports, hospitals, and some large media outlets. Probably billions of dollars of losses.
Exactly this, they will probably pay a few pennies here and there to settle simple disputes out of courts and business will continue as usual. It's not like any of the governing bodies will intervene to punish these corporations. It's truly a sad state of affairs when those elected to protect the public serve the needs of mega corporations instead..
The types of law that you would normally expect to protect you as a US consumer against completely defective security software that does nothing right and harms customers do not work on software for a variety of complicated reasons. In a way that is completely distinct from other kinds of things that are sold, you will not be able to recover under a UCC warranty claim, a negligence claim, or a claim related to defectively designed or manufactured piece of software.
If Crowdstrike is litigated into non-existence, it will not be in America, because the law doesn't work like that. Worth noting that there are a lot of software companies in America. This is not a coincidence.
Yeah, I keep hearing people say “CrowdStrike is done for” or similar. But I honestly think this will be blown over and forgotten in a month or 2.
Almost every large tech company in existence has had some sort of fuck up and survived. (Intel CPU vulnerabilities, iCloud security scandal, Sony multiple data leaks, ..).
Yeah but they had one job… nobody in corporate IT is going to want to bet their careers on buying into crowdstrike from this point onward. Maybe not terminal for the company but it’s going to hurt it for a long time to come.
> nobody in corporate IT is going to want to bet their careers on buying into crowdstrike
CISOs buy EDR. In order to kill CrowdStrike, you'd need competitors with similar capabilities who haven't caused similar but smaller and less publicized outages or performance hits (off the top of my head, Tanium and Carbon Black have. I was there.) And that haven't been publicly hacked due to equally boneheaded issues in other products recently (like Palo Alto). So Microsoft... maybe.
In an industry which is based on ticking check boxes for auditors, relying on Crowd strike will auto untick the checkbox. The only hope for them is rebrand and starting from scratch.
Auditors might consider this a feature. ;) What's more secure than a computer that's totally inaccessible (because its OS has been rendered unbootable)?
There's a long list of incredibly damaging fuckups by software companies, but I can't think of a single example of an existence-ending judgement from litigation.
The biggest reason why billion-dollar software companies continue to release shitty and dangerous products is because they face zero legal liability for their negligence.