
I don't think you're going to see as many lawsuits as you think. Most of these contracts probably state that they had to follow reasonable precautions for business continuity and data recovery. Having CrowdStrike in the path seems to have been a reasonable and potentially best practice before today's outage.

I don't think that companies are going to be held liable at all.



I do hope some organizations realize though it’s not a great idea to have a half-baked rootkit as your lucky charm against cybercrime.


Eh. I think you're underestimating how overmatched these IT depts are when it comes to cybersecurity.

Either sign a contract with a best-in-class (even if in name only) vendor who says that they'll do all of this for us or we need to become "experts" in cybersecurity and potentially still use them.

The CIO is overmatched here so they're making the decision that protects them and their clients in _almost all_ cases.


CrowdStrike should be held liable and sued out of existence.


They won’t. If CrowdStrike was an individual or a state there would be repercussions. But this will all be a forgotten memory in two weeks or less.


Once they are taken to court and all their crap gets subpoenaed I think we might find that reasonable precautions were not taken.

It's possible that this update was never properly QA'd and was just rushed out the door. If that's the case then it could be found to be negligence, and no amount of legal jargon protects you from negligence. It could be the end of CrowdStrike. /end fud.


Think the parent meant the client companies probably won't generally be held liable. CrowdStrike is certainly going to be in all sorts of trouble.



