
Microsoft Has Forgotten Its Vulnerability Disclosure History
From Decipher Security Podcast by Decipher
May 29, 2026 · 46 min
About this episode
The episode discusses Microsoft's recent actions regarding vulnerability disclosure and the implications for security researchers.
The recent Nightmare-Eclipse zero day drop and attendant drama has stirred up all kinds of trouble and unfortunately spurred Microsoft to publish a post scolding security researchers for not using the "proper channels" to disclose bugs, threatening legal action, and generally dredging up every hobby horse from the threadbare disclosure debate. Links MSRC post: https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure Decipher story: https://decipher.sc/2026/05/28/the-past-is-always-present-in-vulnerability-disclosure/ Expel event: https://info.expel.com/event-mythos-unhappy-hour.html
People in this episode
Host: Decipher
Topics covered
- vulnerability disclosure
- cybersecurity
- Microsoft
- security researchers
- legal threats
Keywords
- Microsoft
- vulnerability disclosure
- cybersecurity
- security researchers
- legal action
Mentioned in this episode
Organizations: Microsoft, MSRC, Decipher
More episodes of Decipher Security Podcast
- The Shrinking Exploit Window, Patch Schedule Changes, and the Vulnpocalypse · June 12, 2026 · 33 min
- How The Conversation Predicted Our Surveillance Society 50 Years Ago · June 8, 2026 · 59 min
- Shai Hulud Returns, How Attackers are Using AI, and More Weird MSRC Behavior · June 5, 2026 · 37 min
- Lessons in Resilience, Perseverance, and Leadership With Matt Eversmann · May 25, 2026 · 1h 18m
- Chain Chain Chain of Compromises · May 22, 2026 · 22 min
- What the Data Tells Us About Claude Mythos and Bug Exploitability | Jay Jacobs and Michael Roytman · May 19, 2026 · 44 min
Explore listener stats, chart rankings, contacts and more on the Decipher Security Podcast podcast page.