![](/static/253f0d9b/assets/icons/icon-96x96.png)
![](https://fry.gs/pictrs/image/c6832070-8625-4688-b9e5-5d519541e092.png)
You highlighted the wrong portion of this article.
The complaint cites statements including from a March 5 conference call where Kurtz characterized CrowdStrike’s software as “validated, tested and certified.”
If the CEO is making claims that the software is tested and certified, then the CEO should be able to prove that claim, no matter where the software lives. It is very reasonable to say, at face value, the CrowdStrike testing pipeline was inadequate. There is a remote possibility that there were mitigating factors, eg some other common software update released right before from another vendor that contributed; given CrowdStrike’s assurances and understanding of where it falls in most supply chains I consider that to be bullshit. I personally haven’t seen anything convincing that shows a strong and robust CI pipeline magically releasing this issue.
Now shareholder lawsuits are bullshit in general and, as someone constantly pushed to release without fucking any confidence, I think it’s really fucking dumb to ever believe any software passes any inspection until you have actually looked at the CI/CD process in-depth.
I’ve got friends at Boeing on DoD contracts. Not only is it waterfall, it gets tested hardcore. My experience in private industry is the exact opposite. A consultancy I know of just lost (pretty sure) a state contract because they opened shit up to the public because, surprise surprise, they didn’t test their infra changes.
Now I will say that when I have had to manage client SLAs and there is a cost to post-release defects and change requests, testing increases. Not to the level I’m super comfortable with (which is well below perfect, mind you; I like shipping more than once in a lifetime), but a bit more.