819
Microsoft's GitHub bans security researcher who posted zero-day Windows exploits because company 'ruined their life' — expert claims action is vindictive and promises further retaliation (www.tomshardware.com)
submitted 1 day ago by throws_lemy@reddthat.com to c/technology@lemmy.world
112 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] echodot@feddit.uk 10 points 16 hours ago

There was a protocol for reporting security vulnerabilities. Of course some companies don't follow the protocol when vulnerabilities are reported to them, but that's their problem.

You report the problem and then you wait 1 month, if the company still hasn't fixed the issue by then, then you publicly announce it.

[-] jjlinux@lemmy.zip 2 points 11 hours ago

Unless it is an open source piece of software, any vulnerability I find will be publicly posted while I remove all software using it from all my devices and infrastructure.

[-] Jason2357@lemmy.ca 1 points 38 minutes ago

That's the difference between a security researcher who gives, and does not give a shit about peoples security.

The grace period is to protect people by giving the company time to send out patches. At 1 month, they publish the exploit to shame the company and get the cred either way.

[-] echodot@feddit.uk 1 points 1 hour ago

The thing is if you want to continue working in the industry you have to give people the benefit of the doubt and give them time to fix the issue. If you don't do that you're very quickly find yourself to be out of a job no one wants to lose cannon, is bad for business.

[-] Jason2357@lemmy.ca 1 points 36 minutes ago

Its not even the benefit of the doubt. They still publish and name and shame at 1 month. Its just to avoid harm to the users who the security researchers are ostensibly working to protect.

this post was submitted on 27 May 2026
819 points (100.0% liked)

Technology

84981 readers
3176 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws