• thesmokingman@programming.dev
    4 months ago

    You highlighted the wrong portion of this article.

    The complaint cites statements including from a March 5 conference call where Kurtz characterized CrowdStrike’s software as “validated, tested and certified.”

    If the CEO is making claims that the software is tested and certified, then the CEO should be able to prove that claim, no matter where the software lives. It is very reasonable to say, at face value, the CrowdStrike testing pipeline was inadequate. There is a remote possibility that there were mitigating factors, e.g. some other common software update released right before from another vendor that contributed; given CrowdStrike’s assurances and understanding of where it falls in most supply chains I consider that to be bullshit. I personally haven’t seen anything convincing that shows a strong and robust CI pipeline magically releasing this issue.

    Now shareholder lawsuits are bullshit in general and, as someone constantly pushed to release without fucking any confidence, I think it’s really fucking dumb to ever believe any software passes any inspection until you have actually looked at the CI/CD process in-depth.

    • kevindqc@lemmy.world
      4 months ago

      I mean it was true. It’s just that there was a bug with the automated testing software that let the bogus file go through.

      They could have shown their testing/certification pipeline to investors, but it wouldn’t have changed anything unless investors would have somehow been able to figure out there was a bug in what they showed them.