[SystemSafety] Crowdstrike's crowd strike

Derek M Jones derek at knosof.co.uk
Sun Jul 21 01:51:29 CEST 2024


Paul,

> One has to wonder why we do not strongly emphasise the need to develop all software
> as with attendant risk assessment and hazard mitigation considerations. Not to do so
> leads to lazy coding practice IMHO.

The sys file people are being told to delete contains nothing but
null bytes.

So there are at least two issues:

1) Why was a file full of nulls pushed to customers?

2) Why was there no basic checking of the correctness of
sys files (it looks like one of these null byte sequences
was treated as a pointer, and dereferenced)?

-- 
Derek M. Jones           Evidence-based software engineering
blog:https://shape-of-code.com
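
The basic check asked about in point 2, as an added example (not part of the original post, and not the vendor's code). The file layout, the `CHNL` magic and every name here are hypothetical assumptions; the point is that an all-null file is rejected and file fields are used only as bounds-checked offsets, never as pointers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout (an assumption, not the vendor's format):
 *   bytes 0..3  magic "CHNL"
 *   bytes 4..7  entry count, little-endian
 *   then count * 8 bytes of (offset, length) pairs, little-endian,
 *   each naming a byte range inside the same buffer. */
enum { CF_OK = 0, CF_TOO_SHORT, CF_ALL_ZERO, CF_BAD_MAGIC, CF_BAD_COUNT, CF_BAD_ENTRY };

/* Constructed samples: one entry naming 4 bytes at offset 16, and a null-filled file. */
static const uint8_t sample_good[20] = {'C','H','N','L', 1,0,0,0, 16,0,0,0, 4,0,0,0, 0xde,0xad,0xbe,0xef};
static const uint8_t sample_zero[64] = {0};

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

int validate_content_file(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < 8) return CF_TOO_SHORT;
    size_t i = 0;                       /* reject a file of nothing but null bytes */
    while (i < len && buf[i] == 0) i++;
    if (i == len) return CF_ALL_ZERO;
    if (memcmp(buf, "CHNL", 4) != 0) return CF_BAD_MAGIC;
    uint32_t count = rd32(buf + 4);
    /* Divide rather than multiply so the bound check cannot overflow. */
    if (count == 0 || count > (len - 8) / 8) return CF_BAD_COUNT;
    size_t data_start = 8 + (size_t)count * 8;
    for (uint32_t e = 0; e < count; e++) {
        uint32_t off = rd32(buf + 8 + (size_t)e * 8);
        uint32_t n   = rd32(buf + 8 + (size_t)e * 8 + 4);
        /* Each range must lie after the table and wholly inside the buffer. */
        if (off < data_start || off > len || n == 0 || n > len - off) return CF_BAD_ENTRY;
    }
    return CF_OK;
}

int main(void) {
    printf("all-null file: %d\n", validate_content_file(sample_zero, sizeof sample_zero));
    printf("well-formed:   %d\n", validate_content_file(sample_good, sizeof sample_good));
    return 0;
}
```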

