Crowdstrike 'Oopsy'

Boils Down To Three Things

2024-07-26

I have been asked for an analysis on the Crowdstrike "oopsy",

and I have seen that it comes down to three main things:

  1. Having their program run in kernel space instead of userspace makes any exception fatal
  2. It is written in an unsafe language (C++)
  3. This was the perfect example of "testing in prod"

What are you thoughts?