> people were writing that ridiculous SLA's, such as "4 hour response to a vulnerability
I didn't see people explaining why this was ridiculous.
> make it practically impossible to release well-tested code
That falsely presumes the release must be code.
CrowdStrike say of the update that caused the crash: "This Rapid Response Content is stored in a proprietary binary file that contains configuration data. It is not code or a kernel driver."
> I didn't see people explaining why this was ridiculous.
Because of how it affects priorities and incentives.
E.g.: as of 2024, CrowdStrike didn't implement staggered rollout of Rapid Response content. If you spend a second thinking about why that's the case, you'll realize that rapid and staggered are literally antithetical.
> CrowdStrike say of the update that caused the crash: "This Rapid Response Content is stored in a proprietary binary file that contains configuration data. It is not code or a kernel driver."
Well, they are lying.
The data that you feed into an interpreter is code, no matter what they want to call it.