Microsoft and security researcher’s dueling posts about cybersecurity disclosures get nasty
Summary
Microsoft and a security researcher named Nightmare Eclipse are publicly feuding over the handling of vulnerability disclosures. The researcher claims Microsoft rebuffed their attempts to report bugs, leading to public disclosure, while Microsoft asserts the disclosures were not coordinated and created unnecessary risk.
IFF Assessment
This article details a conflict between a major tech company and a security researcher regarding disclosure practices, highlighting potential friction and negative experiences for researchers engaging with vendors.
Defender Context
This incident highlights the challenges in coordinated vulnerability disclosure and the potential for adversarial relationships between researchers and vendors. Defenders should be aware of the ongoing tensions and ensure their own vulnerability management processes are transparent and supportive of security researchers.