Episode notes

Microsoft Defender pushed a signature update on April 30th that flagged DigiCert's root certificates as malware. For about ninety minutes, enterprise endpoints across the internet started removing the certificates that validate roughly half of public web traffic. The signature update was, in Microsoft's framing, working as designed.

The panel works out what "working as designed" actually means in this context. The Legacy Sysadmin places it in a thirty-year arc of antivirus software taking down the systems it was supposed to protect. The Burnt-Out SRE walks through what the incident looked like at 3 AM from inside a NOC. The Paranoid CISO declines to reach for a nation-state attribution and instead names the actual problem: the threat detection vendor and the certificate authority are both root-trust holders, and there is no audit layer unde ... 
