this post was submitted on 27 May 2026
806 points (99.1% liked)

[–] Flatfire@lemmy.ca 1 points 21 hours ago (1 children)

I don't feel bad for Microsoft, but responsible disclosure is about more than that.

It's ethical. It gives the developer time to correct an error before it has the potential to affect anyone using their products. When you don't follow that process, whether one set out by the developer, or a best effort on your part, you are now contributing to the potential harm caused by that vulnerability.

This isn't universal, and I have no doubt that Microsoft is also partly to blame, but there's a significant element of attention seeking in the mix here. They could have reached out to other security researchers, validated the findings in private and found another channel to work through. Maybe he tried, but largely it seems like his actions are retaliatory and broadly harmful to anyone who has to administer these products.

I have a lot of respect for security researchers. My job relies on the work they do and the skill it takes to do it. But part of that relies on doing things in a way that minimizes potential harm.

[–] cobalt32@lemmy.blahaj.zone 8 points 19 hours ago

Microsoft clearly doesn't care about ethics if they're putting backdoors in their product...