CrowdStrike unhappy with Delta litigation threat, says airline refused free help

I think it is possible that someone will make a convincing argument about how CrowdStrike was negligent in testing and rolling out updates. I have no idea whether this will result in significant court wins, but this case does seem a bit different than many other previous large-scale IT outages.

Delta also considering to sue Microsoft is kinda ridiculous though, and does not give me a good impression. I can see blaming Microsoft for not providing better APIs for this kind of security software to be run in a safer manner, but that is more abstract and long term criticism. It is not something you can use to sue directly for damages.

We all know that mistakes happen, even big ones. But the difference here is that Crowdstrike is running in the most privileged position possible in the OS, is very widely deployed in somewhat critical systems and receives frequent updates on very short notice. There has to be a much higher expectation and burden in cases like this to make this process as safe as possible, ensure a high level of testing and take all possible precautions when rolling out updates.

Sure, Delta is responsible for its IT decisions... But the IT decision it made is putting CrowdStrike on the critical path for most of its public-facing hardware, which is what CrowdStrike's sales and marketing says you should do.

This argument coming from them is not exactly a glorious self-opinion. Were I considering compliance software purchases, I would take this as a signal that CrowdStrike is saying the product can't be trusted.

Crowdstrike is going to talk a big game in pre-trial because they know that once the jury cuts through the PR spin, Crowdstrike is still responsible for screwing up the lives of hundreds of thousands of people by their negligence.

Delta's tech team will be forgiven for not instantly wanting support from the group responsible for the largest IT blunder in history.

Crowdstrike certainly comes out looking terrible. The fact that Delta might have also made mistakes is weak sauce.

Even if Delta doesn't win this is going to lead to more and more customers wanting to negotiate terms when they buy software like this to either get money back if the vendor causes them problems or hold the vendor liable.

Seems ridiculous but big customers seem to be able to negotiate this stuff. One place I worked Verizon Wireless was a customer and they were able to negotiate money back over bugs taking too long to fix and/or outages caused by the software. That was a long time ago.

Where does the responsibility of testing OS patches, AV updates and other automatic type installs fall? Systems deemed critical to your primary business must have some level of internal testing and validation in place from automatic external vendor updates. Does that responsibility not lie with Delta's IT management policies, regardless of CrowdStrike's Sales suggestions?