Tag

Coordinated Vulnerability Disclosure

All articles tagged with #coordinated vulnerability disclosure

technology, 2 days ago

GitHub bans vigilante Windows zero-day leaker over disclosed flaws

GitHub banned the anonymous security researcher Nightmare-Eclipse after the researcher publicly disclosed unpatched Windows vulnerabilities. The researcher has since moved to GitLab and continues to publish exploits (BlueHammer, YellowKey) and threats. Microsoft says the disclosures violated coordinated vulnerability disclosure practices, and the community's reactions have been mixed.

cybersecurity, 1 year ago

Microsoft Faces Criticism Over Zero-Day Vulnerabilities and Patch Delays

Trend Micro's Zero Day Initiative (ZDI) criticized Microsoft for not crediting them in the disclosure and patching of a zero-day vulnerability in MSHTML, reported in May and patched in July. ZDI claims the flaw is a remote code execution vulnerability, contrary to Microsoft's classification as a spoofing vulnerability. This incident highlights broader issues in the coordinated vulnerability disclosure process, with vendors often failing to properly communicate and credit researchers.