Email or username:

Password:

Forgot your password?
Stuart's posts Post Back to profile
Top-level
Grant Gould

@hmhackmaster @puck @JessTheUnstill @Aphrodite @calamari
Much like "if you haven't done your restore procedure, you don't have a backup procedure," if you haven't actually invoiced or sued a vendor for screwing up, you haven't actually transferred liability to your vendor.
Vendor accountability is 99% imaginary.

21 July at 14:53 | Wall-to-wall | Open on hachyderm.io
2 comments
Michael Potts (HMHackMaster)

@nonnihil I think you are completely right from a business point of view, but from some upper-management person's viewpoint the "it's the vendors responsibility" is the path to ensure their decision can't come back to bite them.
Whatever VP or CISO who approved Crowdstrike for an org isn't gonna lose their job over this.

@puck @JessTheUnstill @Aphrodite @calamari

21 July at 15:02 | Open on boldcity.social
Jess👾

And honestly, there's no way that you CAN'T put some level of trust in your suppliers. Whether it's AWS or Google Workspace or Windows or Microsoft365 or any of your anti-malware vendors or anything else, if they have a major outage, it's going to cripple your business for a while. They'll build terms into the contract about stability and reliability, but at the end of the day, if one of your critical suppliers fucks up, it's going to take you down. You pick the least bad of the options and pray.

@hmhackmaster
@nonnihil @puck @Aphrodite @calamari

And honestly, there's no way that you CAN'T put some level of trust in your suppliers. Whether it's AWS or Google Workspace or Windows or Microsoft365 or any of your anti-malware vendors or anything else, if they have a major outage, it's going to cripple your business for a while. They'll build terms into the contract about stability and reliability, but at the end of the day, if one of your critical suppliers fucks up, it's going to take you down. You pick the least bad of the options and pray.

21 July at 15:31 | Open on infosec.exchange
Go Up