Urgent Lessons from the CrowdStrike Disaster

&gt; the root cause of the disastrous security update to its Falcon Sensor program was a null pointer error in its C++ code. CrowdStrike appears to deny this.<p>The cited CS statement is not that. It is a statement the fail was &quot;not related to null bytes contained in ...any... Channel File&quot;.<p>Very different.

The urgent lesson is recklessly trusting some 3rd party code to play nicely inside ring 0 will eventually be fatal. Anything else is a layer above the root-cause.