For most regular users, auto-updates for security patches are best practice. There should be no barriers to timely fixes in security. That’s because people have put their trust in companies to provide safe, secure and ongoing services. It should be as easy as possible for everyday users to be as safe as possible.
For large companies and service providers with thousands or millions of users, the situation may be more complex. A more bespoke process of review and oversight may be required. But in any case, we believe that both CrowdStrike and Microsoft could have had a better system in place to allow for the Falcon sensor auto-update to have been rolled out without causing such enormous disruption.
Automatically applying security updates is another reason for making a clear distinction between security updates and feature updates. The latter improve (or at least change) software functionality rather than fix dangerous problems and should not normally be applied automatically. Too often we see companies bundling together security and feature updates, meaning that users cannot install one without the other. That’s a problem, especially if a weaker system for testing feature updates pollutes the process for security updates, or if users are prevented from having the latest security updates installed because they don’t want the feature updates or their device does not support them.
More/Source: http://privacyinternational.org/long-read/5507/crowdstrike-what-2024-outage-reveals-about-security