Technology

Eclipse implies that Microsoft ignored or refused their zero-day reports and/or did not pay out bounties as requested, somehow causing financial harm in the process.

“Somehow?”

Were the bounties not earned? Because simply not paying as a promised for services rendered is a very clear financial harm.

Responsible disclosure is a kindness; it is not required--especially if/when the vendor doesn't act in good faith.

MS shouldn't be able to silence researchers, but that's what the industry gets by voluntarily clustering around a single, proprietary service.

I don't think either party should be compelled to take (or reverse) any action.

Too bad there aren't any GitHub alternatives for them to post future exploits on.

If she's going for maximum damage, I am surprised this person doesn't just announce when she's found a big exploit, and then just sell it to up to 10 people, and then announce in very vague terms what the exploits are. (Like, "just sold exploit for windows defender" or "just sold way to hack into bitlocker").

It seems like the vagueness of such things would make corporations more worried about being hacked and Microsoft could only guess as to what specific code was hacked, costing them greater resources.

Yes, it would be illegal, and therefore I hope she doesn't do that and recommend against it. But I am just surprised, given the level of anger, that she has been approaching things in a way that is so easy to patch.

Is her approach more damaging the way she's actually doing it?

HACK THE PLANET's windows

friendly reminder there is a github replacement for opensource made by framasoft I think

Best of luck to him on his crusade. Full support!

Microsofts been spitting at the rain for decades