The Kernel of the Matter: CrowdStrike and the Future of Software Regulation

The July 2024 CrowdStrike saga reflected the incredibly fragile software ecosystem which  sustains modern life as we know it. The neglect of basic principles of software development by just one vendor brought down 8.5 million computers and an array of essential services around the world. Indeed, the incident demonstrated the self-made threat to our very existence from our failure to regulate software security. We have allowed vendors themselves to govern the security of their products and thus evade accountability for harms from their insecure products to our economic wellbeing, public health and national security. Governments have also failed to robustly check concentrations in markets for (security-critical) software, amplifying the software security problem. In turn, we face systemic national security risks of the sort that were indeed realised in the CrowdStrike incident.

To interrogate these issues and meditate on ideal multi-stakeholder policy responses, join the Social Cyber Institute for a discussion…