Microsoft Threatens Legal Action Over Exploit Disclosure

Microsoft Threatens Legal Action Over Exploit Disclosure

From Shared Security Podcast by Tom Eston, Scott Wright, Kevin Tackett

June 8, 2026 · 17 min

About this episode

The episode discusses Microsoft's legal threats over exploit disclosures and the implications for security research and customer safety.

Microsoft’s response to a researcher publicly disclosing proof-of-concept exploit code has reignited an old debate in security: where does responsible disclosure end and reckless disclosure begin? Tom and Scott discuss the Nightmare Eclipse controversy, the history of full disclosure, bug bounty incentives, and why legal threats against researchers may ultimately hurt customers. They also explain why researchers still need to follow responsible processes — and why vendors need to avoid punishing the people who help make their products safer. Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com. ** Links mentioned on the show ** The Verge: Microsoft is threatening legal action for disclosing exploits https://www.theverge.com/tech/940416/microsoft-nightmare-eclipse-zero-day-vulnerability Microsoft MSRC Blog: A shared responsibility: Protecting customers through coordinated vulnerability disclosure…

People in this episode

Hosts: Tom Eston, Scott Wright

Topics covered

  • exploit disclosure
  • responsible disclosure
  • bug bounty
  • legal threats
  • security research
  • customer safety

Keywords

  • Microsoft
  • exploit
  • disclosure
  • security
  • research
  • legal action
  • bug bounty
  • responsible disclosure

Sponsors

Guardsquare

Mentioned in this episode

Organizations: Microsoft, The Verge, Microsoft MSRC Blog

More episodes of Shared Security Podcast

Explore listener stats, chart rankings, contacts and more on the Shared Security Podcast podcast page.