The week after CrowdStrike
It's been a week... Given everything that's happened lately, it's hard to believe that the CrowdStrike outages hit only a week ago. We're now deep in the clean-up phase of that particular disaster and while the blame for this particular incident falls squarely on CrowdStrike, it's been interesting to watch how Microsoft is reacting as well. It was Windows machines, after all, that were affected by this issue and quite a bit of media attention focused on that, not CrowdStrike, which is (or was?) pretty much unknown to a mainstream audience. A headline that mentions Microsoft is always going to get more clicks than one that mentions CrowdStrike.
The company line at Microsoft is that the company wasn't able to make Windows more secure because of a 2009 agreement with the EU that ensured that third-party security tools would get the same access to the Windows kernel as Microsoft's tools. It looks like Microsoft will use the CrowdStrike incident to either push back on this requirement or figure out ways to secure its kernel better. Let's see how that plays out in the next few weeks.
My colleague Ron also talked to a few experts about best practices in software testing to avoid issues like this in the first place.
Adv-VANTA-ge
I spent more time editing than writing this week, but I did get a few stories out. The most important of these is the $150 million in funding for Vanta (now valued at $2.45 billion), a startup that helps businesses automate their security and compliance processes.
Is that the most exciting of problems to solve for a startup? Obviously not, but if you're selling into an enterprise today, chances are you need to be able to show SOC 2 compliance and your adherence to a few more similar standards as well.
What was interesting in my conversation with Christina Cacioppo, the co-founder and CEO of Vanta, was that she is starting to position the company to focus more broadly on 'trust.'
“Vanta today, we still do a lot of SOC 2, but a lot of what we’re building is around how do you help companies build out their security programs?” Cacioppo told me. “And then how do they go get credit? There’s a compliance piece, there’s the trust centers, there’s real-time security status pages and questionnaire automation, but the thesis behind a lot of that is: if you can give people credit — which really means revenue — for showing off all the good security work they’ve done, they will do more good security work. … When we talk about trust, a lot of trust in software, especially B2B software, it’s around: Can I trust you with my customers’ data?”
SPACs still exist
Another story I wrote this week was about Cyabra, a startup that helps businesses and governments track down fake social media accounts that spread mis- and disinformation. Cyabra went public by merging with a SPAC, something I hadn't seen for a long time – and something that's gone rather out of favor in recent years.
For that story, I got a comment from Mike Pompeo – yes, that Mike Pompeo. "Cyabra is a crucial partner in the fight against disinformation," he said. "Their capabilities in uncovering inauthentic accounts, false narratives, and manipulated AI content are vital for protecting democracy and safeguarding national security. Cyabra’s dedication to these goals makes them an essential ally in our efforts to defend against threats to our nation."
I couldn’t mention this in the TechCrunch story, but there’s irony in someone who defended a habitual liar like Trump now fighting misinformation.
And that's that for this week. I've got about half a dozen new mechanical keyboards under my desk that I need to test and write about, so expect a lot of content about switches, keycaps and thock in the next few weeks.