CrowdStrike outage renews supply chain concerns, federal officials say
Cybersecurity Dive
Contributed by: Drex DeFord
Summary
A recent global IT outage caused by a faulty CrowdStrike software update has reignited concerns about the security of the software supply chain, echoing issues from the 2020 SolarWinds attack. The U.S. Government Accountability Office highlighted the event, which impacted 8.5 million Microsoft Windows systems, in a new report. The White House emphasized persistent vulnerabilities related to memory safety in software development and called for industry-wide adoption of memory-safe programming languages. Microsoft and CrowdStrike are investigating the incident, attributed to a memory safety error in the CSagent.sys driver, and are exploring prevention strategies. The Cybersecurity and Infrastructure Security Agency is collaborating with partners to assess and mitigate the repercussions of the outage.