Source: The Next Web
Microsoft escalated its response to a vulnerability disclosure by threatening criminal prosecution against an independent researcher, fracturing the already-tense relationship between major tech platforms and the security community that identifies their flaws. The move departs from the responsible disclosure norms that have governed bug bounty relationships for two decades—norms Microsoft itself has publicly championed. Security researchers have signaled the industry is reaching a breaking point: companies cannot simultaneously court white-hat hackers with bounty programs while weaponizing the law against disclosure. Microsoft may have just clarified which approach it actually prefers.