news.volyx.in

GitHub bans security researcher who posted zero-day Windows exploits (tomshardware.com)

568 points by possibilistic · 46 days ago · 256 comments on HN

Article summary

Microsoft has banned a security researcher's GitHub account after they posted zero-day Windows exploits, which the researcher claims is a vindictive move. The researcher, who has published several zero-day exploits, alleges that Microsoft refused to pay them for their findings and instead tried to silence them. The researcher has moved to GitLab, but their account was also blocked there. The incident has sparked a debate about Microsoft's handling of security vulnerabilities and its treatment of researchers.

Main themes

  • Microsoft's security policies
  • Zero-day exploits
  • Researcher compensation
  • GitHub and GitLab
  • Corporate accountability
  • Security vulnerability disclosure

What commenters say

  • Microsoft's actions against the researcher are seen as vindictive and counterproductive to improving security.
  • The researcher's behavior is perceived as unhinged and entitled, justifying Microsoft's decision to ban them.
  • The incident highlights the need for better communication and compensation for security researchers who discover vulnerabilities.
  • Microsoft's handling of the situation may drive researchers to sell exploits to nation-states or other third parties instead of reporting them to the company.
  • The blocking of the researcher's account on both GitHub and GitLab raises concerns about censorship and the suppression of security information.
  • Some argue that the researcher's actions are a form of retaliation against Microsoft's alleged mistreatment, while others see it as a reckless and irresponsible behavior.
  • The debate surrounding the incident reflects a broader discussion about the ethics of security research and the responsibilities of corporations in handling vulnerabilities.
  • The researcher's ability to find gainful employment in the security field is questioned, with some arguing that their skills would be valuable to government agencies or other organizations.