CrowdStrike released a preliminary incident report on the catastrophic software update that caused a global IT outage last Friday.
The company’s proposed remedies, in a section entitled “How Do We Prevent This From Happening Again?” parallel recommendations in our previous story.
CrowdStrike now says it will “implement a staggered deployment strategy for Rapid Response Content.” But some details in the preliminary report are surprising, particularly CrowdStrike’s explanation of how it implemented massively deploy its so-called “Rapid Response Content” without testing.
It turns out, as professor Phil Koopman of Carnegie Mellon University, concluded in our recent interview, that Crowdstrike tests software changes subject to phased release by IT groups. “But it pushes data changes straight to production with NO TESTING. The only precaution is a check by CrowdStrike’s own Content Validator.” The Content Validator was defective, added Koopman, “allowing bad content to get through.”