
Microsoft Threatens Legal Action Over Exploit Disclosure
From Shared Security Podcast by Tom Eston, Scott Wright, Kevin Tackett
June 8, 2026 · 17 min
About this episode
The episode discusses Microsoft's legal threats over exploit disclosures and the implications for security research and customer safety.
Microsoft’s response to a researcher publicly disclosing proof-of-concept exploit code has reignited an old debate in security: where does responsible disclosure end and reckless disclosure begin? Tom and Scott discuss the Nightmare Eclipse controversy, the history of full disclosure, bug bounty incentives, and why legal threats against researchers may ultimately hurt customers. They also explain why researchers still need to follow responsible processes — and why vendors need to avoid punishing the people who help make their products safer. Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com. ** Links mentioned on the show ** The Verge: Microsoft is threatening legal action for disclosing exploits https://www.theverge.com/tech/940416/microsoft-nightmare-eclipse-zero-day-vulnerability Microsoft MSRC Blog: A shared responsibility: Protecting customers through coordinated vulnerability disclosure…
People in this episode
Hosts: Tom Eston, Scott Wright
Topics covered
- exploit disclosure
- responsible disclosure
- bug bounty
- legal threats
- security research
- customer safety
Keywords
- Microsoft
- exploit
- disclosure
- security
- research
- legal action
- bug bounty
- responsible disclosure
Sponsors
Guardsquare
Mentioned in this episode
Organizations: Microsoft, The Verge, Microsoft MSRC Blog
More episodes of Shared Security Podcast
- Mobile Application Security: What Every Organization Needs to Know · June 10, 2026 · 32 min
- Apple Finally Fixes One of Texting’s Biggest Security Problems · June 1, 2026 · 15 min
- Should AI Have Access to Your Financial Life? · May 25, 2026 · 25 min
- Cybersecurity Lessons from the Canvas Data Breach · May 18, 2026 · 17 min
- Passwords Are Still Failing Us (World Password Day 2026) · May 11, 2026 · 22 min
- Fake Party Invites and the Rise of Social Phishing Attacks · May 4, 2026 · 16 min
Explore listener stats, chart rankings, contacts and more on the Shared Security Podcast podcast page.