A legal and ethical conflict has erupted between software giant Microsoft and the independent security community. Instead of sending a thank-you note for the vulnerability report, Microsoft chose to threaten a criminal investigation, sparking widespread outrage.
What Happened
The incident began when a security researcher discovered a vulnerability that allowed unauthorized access to Azure data. Instead of collaborating to patch it through its Bug Bounty program, Microsoft sent a letter threatening legal action if the information was disclosed. This action is seen as going against the spirit of "Responsible Disclosure" that Microsoft itself once advocated.
Why It Matters
Security vulnerabilities are an inevitable part of technology, but how tech giants behave will shape their relationships with the white-hat hacker community. For Vietnamese security engineers, this serves as a reminder of the legal risks involved in conducting independent research projects. The incident also raises questions about the true commitment to security of major cloud platforms when they prioritize reputation over transparency.