Microsoft has been mum on any details about these matters, so it’s hard to tell if the situation is about an uncooperative researcher who doesn’t follow standard disclosure rules or a company being difficult about security reports. Regardless, the move to ban Eclipse’s GitHub account makes for poor optics, as it is being heavily criticized, and ultimately achieves nothing for security, since the code is out there anyway.
Classic Streisand effect. Just two years ago Satya Nadella publicly announced they’re prioritizing security above all else, but now have nothing to say about these exploits and are trying to silence the researcher? Viewing from the sidelines, it did seem a bit reckless how Eclipse was dropping these as zero days, but Microsoft’s actions speak louder than words and they probably didn’t pay for the bounties.
He also intentionally did it the day after Patch Tuesday. July 14th is also Patch Tuesday. This is about retribution for him. How you view that is going to depend on your world view. I doubt any of us feel bad for Microsoft though XD
And I fully believe it’d be some kind of justified retribution. The silence from Microslop’s side is deafening.