Following the global outage caused by CrowdStrike’s failure in the validation and verification of new content delivered to thousands of clients (detailed in their Root Cause Analysis Report), we have grown increasingly concerned about the automatic delivery of content to endpoints. Such deliveries can potentially lead to system outages or other significant impacts on our clients and platforms.
Our primary concern lies with the Fixlets and Analyses released by HCL BigFix. It is well understood that malformed or inadequately tested relevance code can cause performance issues on endpoints attempting to evaluate the content. On a few occasions, I have encountered actions that fail due to improperly written actionscript commands, raising questions about the thoroughness of testing prior to release.
Could you please provide information or documentation on how HCL BigFix tests and verifies content in real-world scenarios before releasing it to customers? Is there any publicly available resource that outlines your testing and verification processes?
Hello, we do understand increasing customer concerns in this area.
At HCL BigFix we implement extensive product testing on the content (Fixlets, Tasks and Analyses) that we deliver.
With respect to the likelihood of events like the mentioned CrowdStrike one possibly affecting BigFix, you should consider the following:
The content is tested in advance on HCL systems before release.
The automatic distribution of new/updated content is limited to the relevance/applicability. Actions are only taken after an operator’s initiative.
Should a malformed/inadequate relevance be delivered, it could potentially adversely impact the agent evaluation loop, resulting in slower execution of BigFix actions and reports. By default, the agent is capped to 2% CPU, so no other adverse effect is expected on any other functionality of the computer.
For more information about HCL BigFix process and attention to security, please refer to: