
That’s odd. One is an internal process which has no obligation to an external party, and the other one who is specifically responsible for being liable for any repercussions due to deviating from their own SDLC process[1] they totally skipped themselves?

If I were Delta, I’d get other affected parties and together sue CrowdStrike and get all their dirty laundry out in the open.

[1] I haven’t checked but they used to list all their ISO certs, etc. Wonder if those get revoked for such glaring violations…



Civil suits focus in a large way on determining how much damage is each party’s fault. So Crowdstrike would be saying “Of this $500M in damages, x% was from your own shitty practices not from our mistake”. That’s why it’s all pertinent.


Correct. The legal term is “contributory negligence.”


> One is an internal process which has no obligation to an external party

Delta has obligations to their passengers and similarly sidesteps screw-ups with similar contractual provisions. How much would Delta owe for not following similar IT practices? Do they now owe customers for their IT failings? Should customers now get to sue Delta for damages related to their poor IT recovery compared to other airlines?


Sure but that’d be something passengers could bring up in a suit against Delta, not someone like CS, who themselves obviously skipped their own internal SDLC and whatever other ISO certs they prominently advertised on their website.


Crowdstrike's discovery process would greatly aid in passenger or general-public suits against Delta.


I assume the argument is that if they can show negligence in their IT practices, then the $500 million in damages can't be all attributed to CrowdStrike's failure.



