At the annual Def Con hacking conference in Las Vegas, CrowdStrike president Michael Sentonas accepted a “Most Epic Fail” award for the company’s software update that led to a global IT outage last month. The Pwnie Awards, presented during this event, recognize both the successes and failures in the security research community, with categories ranging from notable vulnerabilities to vendor mishaps.
Acceptance Speech and Acknowledgment
During his acceptance speech, Sentonas emphasized the importance of accountability, stating, “It’s super important to own it when you do things horribly wrong, which we did in this case.” He acknowledged that while the Pwnie is not an award to be proud of, it will serve as a reminder at CrowdStrike’s headquarters, symbolizing the need for constant vigilance and improvement.
The Incident
CrowdStrike’s award resulted from a software update that caused Windows machines worldwide to fail, leading to significant disruptions, including outages at airlines like Delta. The update issue was so severe that it prevented remote recovery of the affected systems, prompting Microsoft to consider restricting kernel access for companies like CrowdStrike.
CrowdStrike attributed the failure to a bug in its test software and committed to revising its testing procedures and error-handling processes. The company plans to implement staggered updates in the future to prevent similar incidents.
The Pwnie Awards
The Pwnie Awards are known for humorously acknowledging both triumphs and blunders within the cybersecurity community. Other categories in the awards include recognition for mobile, desktop, and crypto bugs, as well as the “Lamest Vendor Response” and “Epic Achievement” awards for significant vulnerability discoveries.
Last year’s “Most Epic Fail” award went to the U.S. Transportation Security Administration after a hacker discovered the agency’s “no-fly” list on an unprotected internet-connected server, highlighting recurring issues within the security landscape.
CrowdStrike’s Response
In response to the incident, CrowdStrike is taking proactive steps to enhance its internal processes and ensure such an oversight does not happen again. Sentonas’s decision to display the award at the company’s headquarters underscores its commitment to learning from its mistakes and striving for better security practices in the future.