Microsoft Has Forgotten Its Vulnerability Disclosure History

The recent Nightmare-Eclipse zero day drop and attendant drama has stirred up all kinds of trouble and unfortunately spurred Microsoft to publish a post scolding security researchers for not using the "proper channels" to disclose bugs, threatening legal action, and generally dredging up every hobby horse from the threadbare disclosure debate.

Links

MSRC post: https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure

Decipher story: https://decipher.sc/2026/05/28/the-past-is-always-present-in-vulnerability-disclosure/

Expel event: https://info.expel.com/event-mythos-unhappy-hour.html