CONCORDANCE LABS · INCIDENT INDEX · v0.1

Every major software outage shipped a post-mortem.
The same handful of practices failed every time.

A public, CC BY 4.0 licensed index of major, publicly documented software incidents. Each incident is mapped to the Concordance engineering protocols that the company's own published root-cause analysis cites as having failed.


Pattern across 2 incidents

Filtered view

The same 5 engineering practices failed in the majority of these incidents. Click any to see every incident where it failed.

Protocol  Practice                 Sentinel-10   Incidents
3.9       Secrets Management       yes           2 of 2
3.5       Approval Rigor           no            1 of 2
3.6       Code Ownership           yes           1 of 2
4.2       CI Gating                no            1 of 2
4.8       Build Reproducibility    no            1 of 2
2 of 2 incidents in this view failed at least one Sentinel-10 protocol, Concordance's set of engineering practices most degraded under AI-accelerated development.
Okta · Oct 2023 · Enterprise
Okta support-portal HAR file leak exposes 134 customer environments
134 affected

A threat actor used a service-account credential stored in a personal Google account to access Okta's customer-support case-management system and download HAR files containing session tokens for 134 customer organisations.

Protocols failed: 3.9 Secrets Management · 3.5 Approval Rigor · 3.6 Code Ownership
Codecov · Apr 2021 · Enterprise
Codecov bash-uploader supply-chain compromise exfiltrates customer secrets
29,000 affected

A threat actor exploited an error in Codecov's Docker image creation process to obtain credentials, then modified the Bash Uploader script to exfiltrate environment variables (including secrets) from customer CI environments.

Protocols failed: 4.8 Build Reproducibility · 3.9 Secrets Management · 4.2 CI Gating · 6.1 Incident Response
Concordance Incident Index v0.1 · CC BY 4.0 · Roadmap: 250 entries at v1.0, scaling to 5,000 with NSF SBIR Phase I.
Errata: hello@concordancelabs.com