Originally Posted by
pfreet
Thank you, I certainly appreciate your detailed response. I am a software engineer and have some understanding of how this works. But any code that bricks computers and servers at the kernel level should never, ever be rolled out without IT oversight. No computer virus in history has done as much damage as this "anti viral".
I agree that this shouldn't have happened, but it's impossible to have manual oversight of content updates. There are dozens of them each day. The best you can do is staggered deployment with automated monitoring to detect issues and put a block on it. Even a once-a-day update is not responsive to serious zero-day threats that could worm their way through a corporate network within half an hour.
Crowdstrike absolutely needs better quality control and checks on their content updates. I do think that some form of staggered approach is good, but it has to be limited with short time intervals, and also needs to be responsive to some sort of metadata on content tagging (e.g., criticality).
But this is a bit of a damned if you do and damned if you don't situation. This has been something talked about in tech resiliency circles for years because it has very difficult tradeoffs.
Saying no adversary has done as much damage as this is questionable. The Colonial Pipeline incident was pretty impactful. Dozens of companies have suffered major operational outages from attackers. And we ignore the counterfactual of a world where these platforms don't exist with these rapid updates that make breaches even easier and likely to cause more damage.