Hey Danielle Linn, how's your extended tour of the Atlanta airport?
What!? Windows 3.1 / Windows 95 computers immune to the CrowdStrike worldwide IT outage? Oh, the irony: Southwest Airlines still uses these ancient operating systems for staff scheduling systems, and the reason they are unaffected is simply that they don't get software updates. LSA Digital's very own Danielle Linn is still stuck in Atlanta because other airlines use modern, updated software.

The WRONG lesson here is to use old, out-of-date technology. It's all too easy to think, "oh, it's on the intranet, no one will hack it", but from a Zero Trust cybersecurity principles perspective, we have to worry about security INSIDE the perimeter, not just outside.

A BETTER lesson is to consider a 1-2 punch combo:

(1) An Application Portfolio Rationalization to find the highest-criticality, highest-risk technology and "AT LEAST" properly maintain (patch) it, or otherwise modernize it (and you can ask Keith Mangold and Anthony Phillips about that) https://lnkd.in/e9eaXEic

(2) Make sure those patches are trusted via Secure Software Supply Chain principles -- e.g., Software Bills of Materials (SBOMs) that are free from malware, and preferably, certification that the organization providing the patch has QA processes in place for assurance around things like sufficient testing -- e.g., progressive rollout of patches ("smoke testing") (and you can ask Ben Amaba, PhD, PE, CPIM, LEED AP and Cate Richards from Sonatype about the second punch) https://lnkd.in/eu7Y5vzJ

#sbom #devsecops #softwaresupplychain #ApplicationRationalization #ITPortfolioManagement #EnterpriseArchitecture