Bjartr
Here's an interesting question that I haven't seen anyone really engage with yet:

If the nigh monoculture of CrowdStrike didn't exist, and malicious behavior protection wasn't as consistent as a result, would the aggregate harm of multiple smaller bad events occurring over years be above or below the one-shot harm of CrowdStrike's screwup?

Maybe the answer is obvious if you have more context than I do, but to me it doesn't seem so obvious it can be taken for granted one way or the other.

musicale
Even before the outage, I had zero confidence in CrowdStrike, and I was surprised that seemingly competent organizations would adopt it. It seems like an industry failure.

Same for "network security" proxies that actually break security.

I don't necessarily disagree with all of Dan Geer's assertions, but I am unconvinced that regulation can overcome organizational stupidity.

zipmapfoldright
"We know that in a large system redundant components make intentional faults more likely to produce global faults."

This is... non-obvious to me. Anyone know what he means by this?

pdimitar
Many of us knew it was time to act, like 20 years ago.

Cost cutting trumps ALL other concerns. It's the ruling class' irrevocable policy.

C'est la vie.

If you don't like it, start your own business that does better. ¯\_(ツ)_/¯

lofaszvanitt
Dan Geer had some good essays and some good insights in the past.
pipes
Stopped reading when the causes listed didn't mention the EU regulation that prevented Microsoft from delivering its API that would have meant that CrowdStrike's software wouldn't have been running in kernel mode.

BrandoElFollito
This is a guy who apparently knows a lot (he says "we" but I do not know all of that) but certainly not about cybersecurity operations.

I was expecting all kinds of experts to discuss how "this was expected" and "you should have done it another way" after the CS incident, while failing to understand why their monitor does not work when switched off.

I guess that a week in an active organization's secops team would show them how much more we are in control of what is happening on end-user devices today than we were 10 years ago. I wish them all the best in managing the security of a few dozens of thousands of machines with their knowledge about what cybersecurity could be like in an alternative world.