Hacker News

legohead, yesterday at 11:56 PM (1 reply)

I guess I'll play devil's advocate here, don't shoot me.

Over the course of my career I've had to deal with multiple hacks, DDOSes, and even situations working with the FBI. It's a mess, and extremely frustrating and unfair to those of us who are just trying to do a good job and make a living. Those of you who are throwing stones at Microsoft's coding, how confident are you that your code is safe from this new AI age?

Obviously MS handled this poorly, even after reading this article it's not clear how MS handles bug bounties. But that doesn’t mean this “researcher” deserves a pass.

Releasing 0-days, especially working exploit code for unpatched vulnerabilities, is extremely unethical. It has real potential to cause a lot of harm to regular engineers, and users who had nothing to do with the dispute.

Replies

nemomarx, today at 12:06 AM

I don't think it's their fault for not making code without exploits. I do think they should try and close them in a timely fashion when the exploit is pointed out though - the longer they wait the more chance bad actors find it in addition to the security researchers. Ultimately they need to cooperate here for users to be safe.