Microsoft's GitHub bans security researcher who posted zero-day Windows exploits because company 'ruined their life' — expert claims action is vindictive and promises further retaliation (www.tomshardware.com)
from floofloof@lemmy.ca to cybersecurity@infosec.pub on 27 May 14:50
https://lemmy.ca/post/65504912

#cybersecurity

Bluegrass_Addict@lemmy.ca on 27 May 15:44

stop… helping…microsoft…

why anyone would trust these companies to pay out, and why anyone would help them fix their problems at this point is beyond me. let them sink and burn.

4am@lemmy.zip on 27 May 16:44

Isn’t this guy trying to make Microsoft look bad?

lurch@sh.itjust.works on 27 May 17:30

idk from my perspective he’s trying to show them how they really are. beauty is in the eye of the beholder

Telorand@reddthat.com on 27 May 16:47

> why anyone would trust these companies to pay out

AFAIK, they historically have

> why anyone would help them fix their problems at this point

They’re not “helping,” they’re trying to get paid by finding exploits legally, rather than using them illegally. And if someone is particularly good, it can be lucrative work. It’s historically been a mutually beneficial arrangement, so it’s ironic if M$lop thinks they can cut out human researchers (ostensibly swapping them for AI agents) and still maintain a secure codebase.

To me, this is M$lop trying to cut costs from the wrong thing; may they get what they deserve.

ETA: and if they make it impossible to make a living at reporting exploits legally, there’s really only one option left to make a living…

grey_maniac@lemmy.ca on 27 May 17:13

ETA? In my life experience that means estimated time to arrival. What do you mean in this context?

avguser@lemmy.world on 27 May 17:42

Edited to add

Zoop@beehaw.org on 28 May 00:26

In this context, it means ‘edited to add’

redsand@infosec.pub on 27 May 21:43

Selling exploits is more of a legal gray area depending on jurisdiction and licensing.

Lodespawn@aussie.zone on 27 May 16:19

Joke's on you, security guy, Microsoft is gonna slop up a bunch more exploits in the next week and force them out through Windows Update, and your stupid exploits will be redundant