Microsoft clarifies it won't pursue legal action against security researchers after zero-day disclosure controversy
By Alexander Martin
Summary
Microsoft has clarified it will not take legal action against security researchers who responsibly disclose vulnerabilities, following backlash over a blog post that condemned uncoordinated zero-day releases. The company's statement came after the pseudonymous researcher Nightmare Eclipse published Windows zero-day exploits, which Microsoft initially criticized as enabling criminal actors. Microsoft now says it is taking community feedback seriously and has no intention to pursue researchers conducting or publishing security research.
Key quotes
Microsoft said it has 'no intention to pursue action' against security researchers who uncover vulnerabilities and publish their findings
The post had condemned a recent series of uncoordinated Windows zero-day releases as 'never justifiable'
To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research