Microsoft says it will not pursue security researchers after zero-day backlash
6 hours ago
- #vulnerability disclosure
- #Microsoft policy
- #cybersecurity
- Microsoft reversed its stance, stating it will not take legal action against security researchers who publish vulnerabilities.
- The company acknowledged shortcomings in handling researcher relationships and is adopting more neutral language.
- Following backlash, Microsoft shifted terminology from 'responsible disclosure' to 'Coordinated Vulnerability Disclosure.'
- Researcher Nightmare Eclipse alleges account deletion, withheld payments, and announced a new Secure Boot bug.
- Microsoft denies removing MSRC accounts and commits to respectful engagement with the security community.