CONCORDANCE LABS · INCIDENT INDEX · v0.1

Every major software outage shipped a post-mortem.
The same handful of practices failed every time.

A public, CC BY 4.0-licensed index of major publicly documented software incidents, each mapped to the Concordance engineering protocols that the company's own published root-cause analysis cites as having failed.

Pattern across 2 incidents

Filtered view

The same 5 engineering practices failed in the majority of these incidents.

2.6 Dependency Management · SENTINEL · 1 of 2
3.5 Approval Rigor · 1 of 2
3.6 Code Ownership · SENTINEL · 1 of 2
3.9 Secrets Management · SENTINEL · 1 of 2
4.6 Security Analysis · SENTINEL · 1 of 2

2 of 2 incidents in this view failed at least one Sentinel-10 protocol, Concordance's set of engineering practices most degraded under AI-accelerated development.

Okta · Oct 2023 · Enterprise
Okta support-portal HAR file leak exposes 134 customer environments
134 affected

A threat actor used a service-account credential stored in a personal Google account to access Okta's customer-support case-management system and download HAR files containing session tokens for 134 customer organisations.

3.9 Secrets Management · 3.5 Approval Rigor · 3.6 Code Ownership

Progress Software (MOVEit) · May 2023 · Civilizational
CVE-2023-34362 SQL injection in MOVEit Transfer leads to mass data theft
$12B · 95M affected

A pre-authentication SQL injection vulnerability in Progress's MOVEit Transfer file-transfer software was exploited by the Cl0p ransomware group to exfiltrate data from over 2,700 organisations.

4.6 Security Analysis · 4.7 Dependency Scanning · 2.6 Dependency Management

Concordance Incident Index v0.1 · CC BY 4.0 · Roadmap: 250 entries at v1.0, scaling to 5,000 with NSF SBIR Phase I.
Errata: hello@concordancelabs.com