If Congress probes CrowdStrike, they'll likely examine management oversight

dcblogs writes: Congress is unlikely to settle for a simple technical explanation from CrowdStrike regarding the root cause of its failure. Lawmakers have asked CrowdStrike officials to appear before a U.S. House committee. They will likely ask whether management issues, inadequate oversight, employee turnover, training, processes, communications, resource allocation, and tool investment contributed to this outage. They will also examine the remedies detailed on Wednesday by Crowdstrike, which included basic Q&A practices such as local developer testing. Local developer testing, or basic unit testing, involves testing software on a single, isolated machine or environment, explained Jim Johnson, who recently retired as the longtime chair of the Standish Group, a research organization that studies software failures. "I do not see anything in their response that would prevent future issues," Johnson said after reviewing CrowdStrike's "software resiliency and testing" prevention plans. Owners of systems that were disabled will also have much to explain. For instance, it crashed 911 systems in several states but not in NYC, which uses a sandbox for updates. Herb Krasner, an advisory board member and author of the 2022 Consortium for Information and Software Quality's report on "The Cost of Poor Software Quality in the U.S.," noted that the issue is generally one of "organizational willpower in the C-Suite to do better than they currently are doing." He added, "Meaning specifically that quality is not usually an organizational goal—which is now coming home to roost."

CrowdStrike preliminary review: https://www.crowdstrike.com/wp...