[SystemSafety] Crowdstrike's crowd strike

Alvery Grazebrook alvery.grazebrook at airbus.com
Mon Jul 22 14:42:07 CEST 2024


But isn't that the question - is it their stupidity (vs. simple mistake) to
have so much dependent infrastructure connected to their system? Surely
there is some obligation on the Airline systems to protect themselves from
their supplier's mistakes? Would you implement an airline IT system using
software from a supplier on your critical infrastructure and install it
without testing it first? That's what I find unbelievable here - that these
major organisations are allowing a 3rd party supplier direct control over
their IT systems without oversight.

Cheers,

Alvery


On Sun, 21 Jul 2024 at 00:36, Steve Tockey <steve.tockey at construx.com>
wrote:

>
> I am now sitting—stranded—at Las Vegas airport because my flight home has
> been cancelled due to the Crowdstrike debacle. The earliest I can get out
> is on Monday, a 48 hour delay. Since it’s their fault, I should,
> realistically, be able to bill them for the added expenses of having to
> spend another two days here.
>
> Or, no doubt, they have cleverly written their contracts in a way to
> excuse them of all consequential liabilities of their stupidity . . .
>
>
>
> — steve
>
>
>
> On Jul 20, 2024, at 2:56 PM, paul_e.bennett at topmail.co.uk wrote:
>
> On 7/20/2024 at 9:31 PM, "Thomas Netter" <tn at thomasnetter.com> wrote:
> >
> > https://www.crowdstrike.com/terms-conditions/
> >
> > 8.3  Services Warranty. CrowdStrike warrants to you that it will
> > perform all Services in a *professional* and workmanlike manner
> consistent
> > with *generally accepted industry standards.* (...)
> >
> > 8.6 (...) CROWDSTRIKE TOOLS ARE *NOT FAULT-TOLERANT* AND ARE NOT
> > DESIGNED OR INTENDED FOR USE IN *ANY HAZARDOUS ENVIRONMENT*
> > REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. NEITHER THE
> > OFFERINGS NOR CROWDSTRIKE TOOLS ARE FOR USE IN THE OPERATION
> > OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES, COMMUNICATION SYSTEMS,
> > WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR
> > TRAFFIC CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE
> > COULD RESULT IN DEATH, *SEVERE PHYSICAL INJURY, OR PROPERTY DAMAGE.*
> >
> > Question is then: if your piece of software is so successful that its
> failure can lead to
> > millions of people piling up as exhausted crowds, causing an emergent
> behaviour of
> > aggressivity, possibly people hurting themselves as the environment
> becomes
> > hazardous due to software failure, and wanting to break everything to
> cause loss or
> > severe damage to equipment/property... hasn't it become a
> safety-critical piece of
> > software even though it was not originally intended to be one?
> >
> > Thomas
>
> One has to wonder why we do not strongly emphasis the need to develop all
> software
> as with attendant risk assessment and hazard mitigation considerations.
> Not to do so
> leads to lazy coding practice IMHO.
>
>
> Regards
>
> Paul E. Bennett IEng MIET
> Systems Engineer
> Lunar Mission One Ambassador
> --
> ********************************************************************
> Paul E. Bennett IEng MIET.....
> Forth based HIDECS Consultancy.............
> Mob: +44 (0)7811-639972
> Going Forth Safely ..... EBA. https://electricboatassociation.org/
> ********************************************************************
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
> Manage your subscription:
> https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
> Manage your subscription:
> https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
This email and its attachments may contain confidential and/or privileged information.  If you have received them in error you must not use, copy or disclose their content to any person.  Please notify the sender immediately and then delete this email from your system.  This e-mail has been scanned for viruses, but it is the responsibility of the recipient to conduct their own security measures. Airbus Operations Limited is not liable for any loss or damage arising from the receipt or use of this e-mail.

Airbus Operations Limited, a company registered in England and Wales, registration number, 3468788.  Registered office:  Pegasus House, Aerospace Avenue, Filton, Bristol, BS34 7PA, UK.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/pipermail/systemsafety/attachments/20240722/7ade3dfa/attachment.html>


More information about the systemsafety mailing list