[Discuss] CrowdStrike Fiasco
Dan Ritter
dsr at randomstring.org
Mon Jul 22 16:42:47 EDT 2024
jim at gasek.net wrote:
>
> HIRE GOOD PEOPLE.
> TEST YOUR CODE.
> DEPLOY TO A SANDBOX FIRST.
> DOUBLE CHECK STAGING FILES.
> CROSSTRAIN YOUR STAFF.
> CHECK YOUR WORK!!!!
>
> Right now the entire country is re-evaluating how they deploy patches.
>
> Shame on you if you accept and deploy a vendors patches without testing.
>
> The safety of the computing environment of the entire world should not be in the hands of a couple people, period.
These are all good practices, but I'll also point out that every* organization needs an explicit security policy based on an explicit threat model, and insiders and vendors are definitely threats.

A careless person with root can do more damage than an intentional outside attacker.
-dsr-
*Yes, sure, this is hyperbole.