
Nothing at all.

He will be the guy that convinced the investors and stakeholders to pour more money into the company despite some world-wide incident.

He deserves at least 3x the pay.

PS: look at the stocks! They sank, and now they are gaining value again. People can't work, people die, flights get delayed/canceled because of their software.




Regarding the stock. I'm sure people are "buying the dip".


From an investing perspective, that's fairly foolish until the financial liability of the company has been assessed.


Time will tell whether it's foolish or not.


So much seems based on sentiment now, might not matter as much as it would have 15 years ago.


If you invest based on fundamentals and company finances, you probably haven't had many chances to buy any positions in the last decade. Stock prices are completely unhinged from company financial reports.


"This is just a demonstration about how critical our software is and how undervalued we are. If the whole world economy requires us to run, we should be worth more" /s


I am still waiting for someone saying how generative AI (= chatbots/copilot) would have solved this problem, or even "never let happen"...


Generative AI would have mandated QA as best practice and to limit corporate liability.


Yeah well, obviously they don't need AI for that.

"We have unit tests coverage of 99%".

Let's be honest. :)


>I run a software company that deploys antivirus software automatically to customers' computers and servers. What should I be aware of as part of this and what actions should I ensure occur?

I gave it this question and part of the steps included deploying to avoid peak hours to avoid potential disruptions (such as the weekend for businesses); including a way to detect deployment issues and easily roll back the software in case there is an issue; and testing the deployment in a controlled environment before rolling it out to all customers (this would include doing a small rollout before a larger one). All of these actions are very standard and all would have greatly helped in this situation.


CrowdStrike (Falcon) has all possible compliance certifications (they are PCI, FedRAMP, ISO-27001, etc.), and these often include following standard practices of SDLC, such as testing, deploying, incident management, etc. And they are much more detailed than the answer from AI.

My suspicion, as someone pointed out, is that they deployed this update as a small patch, maybe bypassing some controls and cutting some corners. I really wouldn't blame it on lack of automated tests, etc. Only CrowdStrike people know how this thing possibly made it to production.


>What certifications should I have?

ChatGPT:

Obtaining relevant certifications can enhance the credibility of your antivirus software and reassure customers about its security, reliability, and compliance with industry standards. Here are some key certifications you should consider:

1. Security Certifications:

- ISO/IEC 27001: This certification specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). It demonstrates your commitment to managing and protecting sensitive information.

- ISO/IEC 15408 (Common Criteria): This certification provides assurance that the security features of your software have been rigorously tested and meet internationally recognized standards.

2. Quality Management Certifications:

- ISO 9001: This certification focuses on quality management systems and ensures that your processes consistently provide products that meet customer and regulatory requirements.

- ISO/IEC 25010: This standard specifies a model for evaluating software quality, ensuring that your software meets high standards of functionality, reliability, usability, efficiency, maintainability, and portability.

3. Data Privacy Certifications:

- GDPR Compliance: If you operate in or serve customers in the European Union, demonstrating compliance with the General Data Protection Regulation (GDPR) is essential.

- CCPA Compliance: For customers in California, compliance with the California Consumer Privacy Act (CCPA) is important.

4. Industry-Specific Certifications:

- HIPAA Compliance: If your software handles protected health information (PHI) in the United States, ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA) is crucial.

- PCI DSS: If your software processes payment card information, compliance with the Payment Card Industry Data Security Standard (PCI DSS) is necessary.

5. Product-Specific Certifications:

- ICSA Labs Certification: ICSA Labs, an independent division of Verizon, provides testing and certification for security products, including antivirus software. Certification from ICSA Labs can validate the effectiveness of your software.

- AV-TEST Certification: The AV-TEST Institute is an independent research institute that evaluates and certifies antivirus software for its protection, performance, and usability. An AV-TEST certification can enhance your product’s credibility.

- VB100 Certification: Virus Bulletin (VB) offers the VB100 certification, which is awarded to antivirus products that meet specific criteria for detecting known malware without generating false positives.

- OPSWAT Certification: OPSWAT offers certifications that validate the interoperability and effectiveness of cybersecurity products, including antivirus software.

6. Environmental and Occupational Health Certifications:

- ISO 14001: This certification demonstrates your commitment to environmental management, which can be important for corporate social responsibility (CSR) and sustainability.

- ISO 45001: This certification focuses on occupational health and safety management systems, ensuring a safe and healthy workplace for your employees.


"I asked ChatGPT how to prevent this and here's what it said. <generic bullet points about software testing> AI would have prevented this."


Every major outage when I worked at Google caused stock price to increase for this exact reason.

IT is always considered a cost until execs realize it's critical to the company's existence. Keeping the lights on always seems to be undervalued. :(


You’re joking but I actually think this is part of how the CEO will frame things to investors.



