Director and Head of Risk & Compliance at Affinidi | Self-Sovereign Identity | Web 3.0 | E-commerce | Ex JPMorgan, Standard Chartered | Singapore Citizen
While giving Crowdstrike the autonomy to push updates without prior MSFT permission (as is being reported now), not sure why MSFT didn't reserve the right to check each time in massive details as to how Crowdstrike first did extensive pre-launch testing in a controlled environment before releasing the new update into production. The more you allow a vendor to integrate, the more rigorous and thorough your oversight needs to be. Autonomy and Rigour are two separate things, not to be conflated. The buck still stops at MSFT. (To cite a parallel, a car manufacturer has to take full responsibility for a component supplied by a component supplier. They cannot pass the buck.). #thirdpartyrisk #vendorriskmanagement #MSFT.