EPISODE · Jun 8, 2026 · 17 MIN
Microsoft Threatens Legal Action Over Exploit Disclosure
from Shared Security Podcast · host Tom Eston, Scott Wright
Microsoft’s response to a researcher publicly disclosing proof-of-concept exploit code has reignited an old debate in security: where does responsible disclosure end and reckless disclosure begin? Tom and Scott discuss the Nightmare Eclipse controversy, the history of full disclosure, bug bounty incentives, and why legal threats against researchers may ultimately hurt customers. They also explain why researchers still need to follow responsible processes — and why vendors need to avoid punishing the people who help make their products safer. Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com. ** Links mentioned on the show ** The Verge: Microsoft is threatening legal action for disclosing exploits https://www.theverge.com/tech/940416/microsoft-nightmare-eclipse-zero-day-vulnerability Microsoft MSRC Blog: A shared responsibility: Protecting customers through coordinated vulnerability disclosure https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure Kevin Beaumont / DoublePulsar: Microsoft’s stance on zero day exploits is a dumpster fire of their own making https://doublepulsar.com/microsofts-stance-on-zero-day-exploits-is-a-dumpster-fire-of-their-own-making-0946117940a4 ** Watch this episode on YouTube ** ** Become a Shared Security Supporter ** Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel’s membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Microsoft Threatens Legal Action Over Exploit Disclosure appeared first on Shared Security Podcast.
What this episode covers
Microsoft’s response to a researcher publicly disclosing proof-of-concept exploit code has reignited an old debate in security: where does responsible disclosure end and reckless disclosure begin? Tom and Scott discuss the Nightmare Eclipse controversy, the history of full disclosure, bug bounty incentives, and why legal threats against researchers may ultimately hurt customers. They also explain why researchers still need to follow responsible processes — and why vendors need to avoid punishing the people who help make their products safer. Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com. ** Links mentioned on the show ** The Verge: Microsoft is threatening legal action for disclosing exploits https://www.theverge.com/tech/940416/microsoft-nightmare-eclipse-zero-day-vulnerability Microsoft MSRC Blog: A shared responsibility: Protecting customers through coordinated vulnerability disclosure https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure Kevin Beaumont / DoublePulsar: Microsoft’s stance on zero day exploits is a dumpster fire of their own making https://doublepulsar.com/microsofts-stance-on-zero-day-exploits-is-a-dumpster-fire-of-their-own-making-0946117940a4 ** Watch this episode on YouTube ** ** Become a Shared Security Supporter ** Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel’s membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Microsoft Threatens Legal Action Over Exploit Disclosure appeared first on Shared Security Podcast.
NOW PLAYING
Microsoft Threatens Legal Action Over Exploit Disclosure
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Jan 2, 2026 ·47m
Dec 21, 2025 ·46m