Microsoft Has Forgotten Its Vulnerability Disclosure History

Microsoft Has Forgotten Its Vulnerability Disclosure History

From Decipher Security Podcast by Decipher

May 29, 2026 · 46 min

About this episode

The episode discusses Microsoft's recent actions regarding vulnerability disclosure and the implications for security researchers.

The recent Nightmare-Eclipse zero day drop and attendant drama has stirred up all kinds of trouble and unfortunately spurred Microsoft to publish a post scolding security researchers for not using the "proper channels" to disclose bugs, threatening legal action, and generally dredging up every hobby horse from the threadbare disclosure debate. Links MSRC post: https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure Decipher story: https://decipher.sc/2026/05/28/the-past-is-always-present-in-vulnerability-disclosure/ Expel event: https://info.expel.com/event-mythos-unhappy-hour.html

People in this episode

Host: Decipher

Topics covered

  • vulnerability disclosure
  • cybersecurity
  • Microsoft
  • security researchers
  • legal threats

Keywords

  • Microsoft
  • vulnerability disclosure
  • cybersecurity
  • security researchers
  • legal action

Mentioned in this episode

Organizations: Microsoft, MSRC, Decipher

More episodes of Decipher Security Podcast

Explore listener stats, chart rankings, contacts and more on the Decipher Security Podcast podcast page.