The saga has drawn speculation from other experts, like William Dormann from Tharros, who said that “MSRC used to be quite excellent to work with. But to save money, Microsoft fired the skilled people, leaving flowchart followers. I wouldn’t be surprised if Microsoft closed the case after the reporter refused to submit a video of the exploit, since that’s apparently an MSRC requirement now.”
. . . In this day and age, when AI-powered security research has arguably made the standard 90-day disclosure-to-patch window completely obsolete, and both time-until-exploit and unused exploits are both nearing zero, Microsoft and other software players would do well to adjust their policies.
That’s such an insane aside. 90-day disclosure-to-patch. Craziness.
On the other hand, this is exactly the way microsoft has been for - easily - 30 years. Like, 1996 microsoft could be slotted into today and literally nothing would change. Other than Nadella would probably be on a bunch of coke.
That’s such an insane aside. 90-day disclosure-to-patch. Craziness.
On the other hand, this is exactly the way microsoft has been for - easily - 30 years. Like, 1996 microsoft could be slotted into today and literally nothing would change. Other than Nadella would probably be on a bunch of coke.