Security expert Katie Moussouris joins to discuss the CrowdStrike BSOD fiasco, examining technical failures, cybersecurity incidents like SolarWinds, and the role of the Cyber Safety Review Board. The podcast delves into persuading entities to invest in security, learning from failures, and the importance of research bodies in cybersecurity.
Importance of transparency in software updates for system reliability.
Challenges of kernel mode operations in intrusion detection software.
Criticality of learning from near-misses to enhance organizational resilience.
Need to prioritize security in open source software projects.
Deep dives
The Personal Touch: Sharing Nerdy Cat Names
The podcast guests discuss their shared passion for naming their cats after tech-related themes, highlighting the personal bond over quirky names like Scappy and Mochi.
Impact of CrowdStrike Outage on Critical Services
The conversation delves into the aftermath of the CrowdStrike outage, questioning the scope and severity of the incident that impacted essential services like airlines, hospitals, and 911 centers, raising concerns about the scale of the IT disruption.
Technical Failures and Security Risks in Kernel Mode
The discussion shifts to the possible technical challenges faced in kernel mode, dissecting the complexity of intrusion detection software functionality and potential risks associated with system crashes, causing a ripple effect on operational services.
Transparency and Accountability in System Updates
The debate expands to the need for transparency in software update mechanisms, emphasizing the importance of accountability in rolling out critical updates, prompting a discussion about the role of key signing, testing, and deployment strategies in ensuring system security and reliability.
Challenges in Securing Technology
Despite increasing dependency on critical technologies like OpenSSH, new vulnerabilities are still discovered, including regression of old bugs, highlighting the ongoing struggle to secure systems effectively. The podcast emphasizes the collective societal challenge in ensuring the security of existing and future technology infrastructures.
Importance of Learning from Incidents
The podcast underscores the significance of learning from incidents and near-misses, such as those experienced by organizations like CrowdStrike. By examining past failures and near misses, organizations can enhance their resilience and develop strategies to prevent larger-scale detrimental impacts in the future.
Exploring the Role of Open Source in Security
The discussion delves into the role of open source software in cybersecurity, emphasizing that open source projects require attention and resources for security just like proprietary software. The conversation highlights the complexity of leveraging open source securely and the need for a nuanced understanding beyond assumptions of inherent security in open source environments.
Bryan and Adam were joined by security expert, Katie Moussouris, to discuss the largest global IT outage in history. It was an event as broadly impactful as it will be instructive; as Bryan noted, you can see all of computing from here, from crash dumps to antitrust.
If we got something wrong or missed something, please file a PR! Our next show will likely be on Monday at 5p Pacific Time on our Discord server; stay tuned to our Mastodon feeds for details, or subscribe to this calendar. We'd love to have you join us, as we always love to hear from new speakers!
Remember Everything You Learn from Podcasts
Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.
