CONCORDANCE LABS · INCIDENT INDEX · v0.1

Every major software outage shipped a post-mortem.
The same handful of practices failed every time.

A public, CC BY 4.0-licensed index of major publicly documented software incidents. Each one is mapped to the Concordance engineering protocols that the company's own published root-cause analysis cites as having failed.


Pattern across 3 incidents

Filtered view

The same 5 engineering practices failed in the majority of these incidents.

4.2 CI Gating · 2 of 3
1.3 Ticket Description Quality · 1 of 3
2.6 Dependency Management (Sentinel) · 1 of 3
3.9 Secrets Management (Sentinel) · 1 of 3
4.3 Test Coverage · 1 of 3

3 of 3 incidents in this view failed at least one Sentinel-10 protocol — Concordance's set of engineering practices most degraded under AI-accelerated development.
Apache Software Foundation (Log4j) · Dec 2021 · Civilizational
CVE-2021-44228 — JNDI injection in Log4j enables remote code execution

A JNDI lookup feature in the widely-used Apache Log4j Java logging library allowed attackers to trigger arbitrary remote code execution by crafting log messages containing JNDI lookup strings.

1.3 Ticket Description Quality · 4.6 Security Analysis · 2.6 Dependency Management

Fastly · Jun 2021 · Civilizational
Single customer config change triggers global Fastly CDN outage
1h downtime

A valid customer configuration change exposed a latent software bug in Fastly's edge servers, causing 85% of the network to return errors. Took down major sites including Amazon, Reddit, Twitch, NYT, UK gov.uk, and Stack Overflow simultaneously.

4.3 Test Coverage · 5.8 Feature Flagging · 5.7 Rollback Capability · 4.2 CI Gating

Codecov · Apr 2021 · Enterprise
Codecov bash-uploader supply-chain compromise exfiltrates customer secrets
29,000 affected

A threat actor exploited an error in Codecov's Docker image creation process to obtain credentials, then modified the Bash Uploader script to exfiltrate environment variables (including secrets) from customer CI environments.

4.8 Build Reproducibility · 3.9 Secrets Management · 4.2 CI Gating · 6.1 Incident Response

Concordance Incident Index v0.1 · CC BY 4.0 · Roadmap: 250 entries at v1.0, scaling to 5,000 with NSF SBIR Phase I.
Errata: hello@concordancelabs.com