Talk:2024 CrowdStrike incident

This is the talk page for discussing improvements to the 2024 CrowdStrike incident article. This is not a forum for general discussion of the article's subject.

Put new text under old text. Click here to start a new topic. New to Wikipedia? Welcome! Learn to edit; get help. Assume good faith Be polite and avoid personal attacks Be welcoming to newcomers Seek dispute resolution if needed Article policies Neutral point of view No original research Verifiability

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL

Archives: Index, 1, 2, 3Auto-archiving period: 5 days

This article is written in New Zealand English, which has its own spelling conventions (colour, realise, analyse, centre, fiord) and some terms that are used in it may be different or absent from other varieties of English. According to the relevant style guide, this should not be changed without broad consensus.

	Page history
This article was nominated for deletion on 19 July 2024. The result of the discussion was speedy keep. A news item involving 2024 CrowdStrike incident was featured on Wikipedia's Main Page in the In the news section on 19 July 2024.

This article is rated B-class on Wikipedia's content assessment scale. It is of interest to multiple WikiProjects.

Computing: Software / Security High‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles High This article has been rated as High-importance on the project's importance scale. This article is supported by WikiProject Software (assessed as High-importance). This article is supported by WikiProject Computer Security (assessed as High-importance). Things you can help WikiProject Computer Security with: edit history watch purge Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Internet Top‑importance This article is within the scope of WikiProject Internet, a collaborative effort to improve the coverage of the Internet on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.InternetWikipedia:WikiProject InternetTemplate:WikiProject InternetInternet articles Top This article has been rated as Top-importance on the project's importance scale. Microsoft: Windows High‑importance This article is within the scope of WikiProject Microsoft, a collaborative effort to improve the coverage of articles relating to Microsoft on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.MicrosoftWikipedia:WikiProject MicrosoftTemplate:WikiProject MicrosoftMicrosoft articles High This article has been rated as High-importance on the project's importance scale. This article is supported by WikiProject Microsoft Windows (assessed as Top-importance). Disaster management High‑importance This article is within the scope of WikiProject Disaster management, a collaborative effort to improve the coverage of Disaster management on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Disaster managementWikipedia:WikiProject Disaster managementTemplate:WikiProject Disaster managementDisaster management articles High This article has been rated as High-importance on the project's importance scale. Business This article is within the scope of WikiProject Business, a collaborative effort to improve the coverage of business articles on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.BusinessWikipedia:WikiProject BusinessTemplate:WikiProject BusinessWikiProject Business articles ??? This article has not yet received a rating on the project's importance scale.

The following references may be useful when improving this article in the future: "Global IT Outage Grounds Flights and Hits Businesses: Live Updates". The New York Times. 19 July 2024. "Global tech outages hit airlines, banks and businesses". CNN. 19 July 2024. "Microsoft IT outage linked to cyber security firm Crowdstrike hits airlines, railways and media outlets globally – live news". The Guardian. 19 July 2024. "Crowdstrike cybersecurity firm says its software update triggered worldwide Microsoft IT outages". BBC. 19 July 2024. "En direct, panne informatique mondiale : des entreprises du monde entier paralysées, les Bourses mondiales reculent". Le Monde (in French). 19 July 2024. "Caída de Microsoft, en directo: La empresa tecnológica responsabiliza al proveedor de ciberseguridad CrowdStrike de la caída informática global". El País (in Spanish). 19 July 2024. "Aeroporti, banche e aziende in tutto il mondo sono bloccati per un guasto informatico". Il Post (in Italian). 19 July 2024.

Section sizes Section size for 2024 CrowdStrike incident (30 sections) Section name Byte count Section total (Top) 7,591 7,591 Background 3,551 3,551 Outage 10,416 16,144 Remedy 5,728 5,728 Impact 6,192 145,317 CrowdStrike liability 2,971 2,971 Air transport 1,351 59,408 Oceania 3,614 3,614 Asia 14,433 14,433 Europe 16,661 16,661 Middle East and North Africa 1,189 1,189 North America 22,160 22,160 Finance 12,760 12,760 Government 16,913 16,913 Ground transport 9,919 9,919 Healthcare 11,153 11,153 Media and communications 14,969 14,969 Retail 7,967 7,967 Other sectors 3,065 3,065 Response 3,985 16,552 Political 4,781 4,781 Industry 5,947 5,947 Criminal 1,839 1,839 Analysis 16 10,067 Cause 860 860 Centralisation and homogeneity 2,669 2,669 IT practices 2,002 2,002 Operating system design and antitrust enforcement 4,520 4,520 See also 481 481 References 300 300 Total 200,003 200,003

On 19 July 2024, it was proposed that this article be moved. The result of the discussion was no consensus.

Archives

Index Archive 1 Archive 2 Archive 3

This page has archives. Sections older than 5 days may be automatically archived by ClueBot III when more than 5 sections are present.

"Despite the losses companies have suffered, CrowdStrike was said to be only minimally liable for the damage or lost revenue caused"

Whether the company Crowdstrike and its staff is liable under civil or penal laws worldwide cannot be determined by a "said to be" analysis of their terms and conditions. The linked source is not authorative.

For instance in Germany Penal Code Section 303v StGB § 303b Computersabotage stipulates "(1) Anyone who significantly disrupts data processing that is of essential importance to another person by... 3. destruction, damaging, rendering unusable, removal or alteration of a data processing system or a data carrier, shall be liable to a custodial sentence not exceeding three years or to a monetary penalty."

Now, of course it is upon courts to determine how that lack of due diligence when pushing an update shall be evaluated. Rebentisch (talk) 17:29, 9 August 2024 (UTC)[reply]

Coming from a policy-analysis professional background, I would suggest that this needs to be something like "... CrowdStrike is expected to be only minimally liable for lost revenue and other damages, in most jurisdictions", if this is what is supported by the sources (i.e., if legal- and policy-competent source material is generally saying pretty much what that Wikipedia-summary version arrives at in easily-digestible form). Then cite a bunch of those sources so there is no "according to whom?" problem. The issues in the original wording are multiple: First, "was" is wrongly past-tense. Second, "said to be" implies a statement of fact (or a statement of opinion about a fact), when the fact is indeterminate (depends on legal case outcomes which will take years), and we're really dealing with a prediction, not a factual observation. Third, "damages" in the legal sense is plural, and lost revenue is a subcategory thereof, not something distinct from damages. Fourth, "caused" serves no purpose in this sentence and is just blather.  — SMcCandlish ☏ ¢ 😼  02:51, 10 August 2024 (UTC)[reply]

I rewrote that paragraph in the article to actually reflect the linked source anyway, which I think dodges the legal-wording problem. Conkaan (talk) 14:46, 12 August 2024 (UTC)[reply]

What paragraph was it? I can't find it and I'm curious to see what it says before and after. 2A04:4A43:424F:DC33:3D59:212C:8E0A:5594 (talk) 02:49, 5 September 2024 (UTC)[reply]

Several sources have noted that this probably wouldn't have happened if the CrowdStrike module had been written in Rust instead of C++. IMO this is the most likely avenue for a legal case alleging "gross negligence" (i.e. so negligent as to negate contract terms that limit liability). Jruderman (talk) 18:43, 13 August 2024 (UTC)[reply]

If reliable sources support the proposition that the programming language chosen was a causal factor, that is appropriate for inclusion. If it is merely speculation or conjecture, such as probably wouldn’t have happened (without more), that does not appear appropriate for inclusion. Local Variable (talk) 01:42, 14 August 2024 (UTC)[reply]

... had been written in Rust instead of C++. This sounds like the memory-safe programming debate again, without it being referred to as such. Regardless, if you have sources, then please link to them. (Also, COI?) --Super Goku V (talk) 04:27, 14 August 2024 (UTC)[reply]

I assume as a former security bug hunter for Mozilla OP is partial to Rust. Local Variable (talk) 04:43, 14 August 2024 (UTC)[reply]

Ah, that would be it. I was just confused on how there could possibly be a COI if it didn't otherwise apply to the article. --Super Goku V (talk) 09:03, 14 August 2024 (UTC)[reply]

• https://moderndiplomacy.eu/2024/07/22/a-day-the-digital-world-stood-still-lessons-from-the-microsoft-and-crowdstrike-crisis/
• https://thenewstack.io/microsofts-it-outage-reminder-rust-is-better-than-c-c/
• https://www.latimes.com/opinion/story/2024-07-23/crowdstrike-outage-microsoft-tech-security

— Jruderman (talk) 15:28, 14 August 2024 (UTC)[reply]

This all seems to be based on the debunked analysis by Zack Vorhies, who also cited DEI as a cause of the incident in his analysis. --Ahecht (TALK
PAGE) 16:11, 14 August 2024 (UTC)[reply]

I saw that thread at the time and became suspicion when the DEI bits appeared. Sounds like this isn't ready for inclusion until CrowdStrike release their own root-cause analysis. Jruderman (talk) 00:55, 21 August 2024 (UTC)[reply]

Yes, been debunked. It should not be included. People were racing to discuss the issue without much actual insight. Now things have settled down. 2A04:4A43:424F:DC33:3D59:212C:8E0A:5594 (talk) 02:51, 5 September 2024 (UTC)[reply]

The page Y2K24 redirects here. Is this a name that's actually in common usage? I haven't seen anyone using "Y2K24" and maybe two news articles or blogs... 2A04:4A43:403F:D906:28DB:8DEC:4D9A:9D85 (talk) 23:21, 3 September 2024 (UTC)[reply]

Why no mention of the issues at Azure that coincided with CrowdStrike's failure? I remember it being in the article. I think it should be at least briefly mentioned, since many people thought it was related to the event at the time. 2A04:4A43:424F:DC33:3D59:212C:8E0A:5594 (talk) 02:47, 5 September 2024 (UTC)[reply]

My mistake. I see it does get a brief mention. Never mind. 2A04:4A43:424F:DC33:3D59:212C:8E0A:5594 (talk) 02:49, 5 September 2024 (UTC)[reply]

The following references only a YouTube video and doesn't state what "Fireship" is or why the speaker is relevant or an authority. Does it really belong?

Jeff Delaney of Fireship commented that "Giving one company kernel access to the computers of most Fortune 500 companies might actually be a bad idea." 2A04:4A43:424F:DC33:3D59:212C:8E0A:5594 (talk) 02:56, 5 September 2024 (UTC)[reply]

I've now removed it. The video is informative and engaging but a minor YouTuber is not a reliable source, and his personal opinion shouldn't merit inclusion alongside industry professionals and security experts. GhostOfNoMeme 05:13, 6 September 2024 (UTC)[reply]