Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>they would bankrupt before even a few percent of damages is recovered

Wouldn't that be the desirable outcome, though? Given the amount of damage they have caused, they should cease to exist.



Sort of. They need to be sued into bankruptcy. Current shareholders get completely zeroed out; the company still exists, but is sold to the highest bidder with the proceeds paid out to affected customers.

We need this so that every company board is always asking "are we investing enough to make sure this never happens to us?"


A local rooflayer is absolutely corrupt. He cheats every customer, produces leaky roofs, doesn't even pay taxes completely.

It takes 2 year for the legal system to catch up, at which point he starts a new company, bankrupts the old one, sells all his tools cheaply to the new company, and fires and rehires his workers. I've seen this game going on for 14 years now.

I think Crowdstrike would do the same: Start a new one, sell the software, fire and rehire the workers, then go on as if nothing happened


I'd call BS on this story, but I know a friend that bought a home a few years back from a homebuilder that did a similar thing, except at a whole home level. Absolute disaster. he's been chasing him for half a decade now via legal means to get things fixed.


Not really though. Whether they should continue to exist into the future should depend on if the expected positive value of their services in that future exceeds the expected damage from having a big meltdown every once in a while. That some of their devs made a fuckup doesn't mean the entire product line is now without merit.

Killing the company because they made a mistake doesn't just throw away a ton of learned lessons (because the devs will probably be scattered around the industry where their newly acquired domain knowledge will be less valuable) but also forces a lot of companies to spend resources changing their antivirus scanners. For all we know, Crowdstrike might never fuck up again after this and forcing that change would burn hundreds of millions for basically no reason.


"Whether they should continue to exist into the future should depend on if the expected positive value of their services in that future exceeds the expected damage from having a big meltdown every once in a while"

I don't think that's right, since it ignores externalities.

You want to create a system where every company is incentivized to make positive security decisions. If your response to a fuckup of unprecedented scale is just "they learned their lesson, they probably won't do that again", then the message these companies receive is that it is okay to neglect proper security procedures, because you get one global economic meltdown for free.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: