Microsoft is threatening legal action to uncover malware exploits


Microsoft faces criticism for its handling of zero-day vulnerabilities. A person going by the name Nightmare Eclipse has been publicly feuding with the company, posting proof-of-concept exploit code. Some of their posts suggest they are a disgruntled former employee. But what caught the attention of cybersecurity researcher Kevin Beaumont, and what he found eye-opening, was how Microsoft has responded.

Microsoft suggests it plans to bring a criminal case against Nightmare Eclipse for failing to follow “proper format” in disclosing vulnerabilities. They also disabled Nightmare Eclipse’s GitHub, GitLab, and Microsoft Security Response Center accounts. As Beaumont points out, “It is very difficult to ‘responsibly’ report future vulnerabilities when you have been banned.”

What bothers Beaumont is that Microsoft hired people who did many of the exact same things. They hired people who posted zero-day exploits publicly, some of whom had criminal hacking convictions on their record. Microsoft has also purchased exploits from brokers.

If Microsoft’s tactic is to try to criminalize failure to follow often arbitrary “responsible disclosure” frameworks, it will need good luck defending that in court, because there is a whole clown car of prior decision making within Microsoft, and facts that will emerge in the process.
