CrowdStrike outage renews supply-chain concerns, federal officials say
August 5, 2024
Federal officials said the global IT outage stemming from a faulty CrowdStrike software update is reviving earlier concerns about the security of the software supply chain.
The U.S. Government Accountability Office released a report Tuesday noting the July 19 outage, which led to the disruption of 8.5 million Microsoft Windows systems. The CrowdStrike incident resurrected concerns raised during the state-linked supply chain attack against SolarWinds in 2020, according to the GAO.
The CrowdStrike incident highlights specific warnings about memory safety issues in software development, the White House said on Thursday. The remarks build on a February report that raised questions about the link between memory safety issues and software vulnerabilities.
“ONCD has been diligently working to address the multifaceted challenge of ensuring our nation’s cybersecurity,” a spokesperson for the Office of the National Cyber Director told Cybersecurity Dive via email Thursday. “As part of the implementation of the National Cybersecurity Strategy, our office continues to look at the hard problem of memory safety vulnerabilities.”
ONCD released a report in February calling on the tech industry to adopt memory-safe programming languages and memory-safe chip architecture. It also called on the research community to help improve the ability to diagnose and measure software security.
Companies including SAP, Palantir and Hewlett Packard Enterprise backed the administration’s effort to embrace memory-safe code.
To read the complete article, visit Cybersecurity Dive.