Ask HN: Is CrowdStrike or Microsoft liable for Delta's failure?

2 points by eagerpace ↗ HN
As software experts we likely all have encountered an upset customer who blames our system for a failure. Sometimes they’re right and sometimes they’re wrong. This seems to be an extreme case if that playing out in public. Will it have broader implications?

4 comments

[ 3.1 ms ] story [ 23.3 ms ] thread
(comment deleted)
My initial thought was no, that Delta should be responsible for their own software deployments, but I wonder what kind of best practices and recommendations the CrowdStrike Enterprise Support team shared with Delta airlines.

I have to imagine a big part of their sales pitch was, you should definitely put this everywhere and turn on automatic updates because then you'll be the most secure. If it's written down anywhere about how their QA practices prevent exactly this kind of thing happening, then I think there's probably an argument they should be held liable. (This is from an tech perspective, not a legal perspective)

Yes.

One enabled this, another perpetrated it.

Just so we are clear, are you saying the MS enabled this by allowing third parties to push kernel drivers and that in your opinion only MS itself should be allowed to do that?