CrowdStrike president Michael Sentonas personally accepted a “Most Epic Fail” award over the weekend at the annual Las Vegas Def Con hacking conference for the company’s software update that caused a global IT outage last month. While accepting the award, he said it was “super important to own it when you do things horribly wrong, which we did in this case.”
The Pwnie Awards, given out in an annual ceremony at Def Con, celebrate “the achievements (and failures) of security researchers and the security community.” This year’s categories included awards for mobile, desktop, and crypto bugs, one for “Lamest Vendor Response,” and an “Epic Achievement” award for researchers who discovered critical vulnerabilities.
During his speech, Sentonas said the Pwnie is “definitely not the award to be proud of receiving” but added that he will bring it to CrowdStrike headquarters, where “it’s gonna sit [in] pride of place because I want every CrowdStriker who comes to work to see it.” Last year’s “Most Epic Fail” award went to the US Transportation Security Administration after a hacker discovered the agency’s “no-fly” list on an unprotected internet-connected server. (Something similar happened in 2021 as well.)
CrowdStrike blamed a test software bug for the faulty update and promised to update its testing and error handling as well as to start staggering updates to prevent anything similar from happening in the future.