this post was submitted on 21 Jul 2024
191 points (76.5% liked)
Technology
59390 readers
3596 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
An underlying problem is that legal security is mostly security theatre. Legal security provides legal cover for entities without much actual security.
The point of legal security is not to protect privacy, users, etc., but to protect the liability of legal entities when the inevitable happens.
CrowdStrike perfectly met their needs by proving someone else to blame. I don't think anybody is facing any consequences for contracting with CrowdStrike. It's the same deal with Microsoft X 10000000. These bad incentives are the whole point of the system.
This is the myth! As we all know there were very serious consequences as a result of this event. End users, customers, downstream companies, entire governments, etc were all severely impacted and they don't give a shit that it was Crowdstrike's mistake that caused the outages.
From their perspective it was the companies that had the upstream outages that caused the problem. The vendor behind the underlying problem is irrelevant. When your plan is to point the proverbial finger at some 3rd party you chose that finger still--100% always--points to yourself.
When the CEO of Baxter International testified before Congress to try to explain why people died from using tainted Heparin he tried to hand wave it away, "it was the Chinese supplier that caused this!" Did everyone just say, "oh, then that's understandable!" Fuck no.
Baxter chose that Chinese supplier and didn't test their goods. They didn't do due diligence. Baxter International fucked up royally, not the Chinese vendor! The Chinese vendor scammed them for sure but it was Baxter International's responsibility to ensure the drug was, well, the actual drug and not something else or contaminated.
Reference: https://en.wikipedia.org/wiki/2008_Chinese_heparin_adulteration
I would think that a FDA-ban on Chinese pharmaceuticals and an international arrest warrant for the Chinese suppliers C-suite should have been effected.
The fact that the US company CEO was liable and probably didnt spend a single day in a real prison cell is more likely outcome.