Microsoft is under fire for its management of zero-day exploits. Recently, a person known as Nightmare Eclipse has been publicly challenging the company, sharing exploit codes and hinting they might be a former employee. This caught the attention of cybersecurity expert Kevin Beaumont, who criticized Microsoft’s response.
Microsoft has indicated it may take legal action against Nightmare Eclipse for not adhering to their “proper coordination” guidelines in reporting vulnerabilities. They’ve also suspended Nightmare Eclipse’s accounts on platforms like GitHub and GitLab. Beaumont pointed out a flaw in this approach: “It’s quite difficult to ‘responsibly’ report future vulnerabilities when you have been banned.”
What adds to the concern is the fact that Microsoft has hired people with similar backgrounds. Some of its employees have previously shared zero-day exploits publicly, and some even have criminal hacking records. Moreover, Microsoft has purchased exploits from brokers, which raises questions about the company's credibility on this issue.
Critics argue that Microsoft’s stance on responsible disclosure may backfire. As Beaumont notes, there’s a history of decisions within Microsoft that could complicate any legal actions they consider. It’s a complex situation that highlights the challenges in cybersecurity ethics and practices today.
Interestingly, recent surveys show that many tech experts believe better communication and collaboration could lead to more effective vulnerability disclosures. A report from the Cybersecurity and Infrastructure Security Agency emphasizes the need for transparent practices among tech companies.
This situation is a reminder of the evolving landscape of cybersecurity. It raises important questions about how tech giants navigate challenges while balancing security and safety.