Bottom line: Microsoft eases its threats against uncoordinated vulnerability disclosures after massive protest from the security research community.
Following fierce opposition from the security research community, Microsoft is backing down from its announced plan to pursue legal action against uncoordinated vulnerability disclosures. However, the conflict with security researcher Nightmare Eclipse remains unresolved.
Microsoft had announced through its Microsoft Security Response Center (MSRC) that it intended to take legal action against uncoordinated disclosure of security vulnerabilities. This position triggered significant criticism in the security research community and led to intense debates about the boundaries between responsible disclosure and research freedom.
The company now finds itself compelled to correct its position and downplay the criticism. This reflects pressure from the security research community, which views legal prosecution of researchers as counterproductive and as a deterrent to future vulnerability reports.
The dispute with security researcher Nightmare Eclipse continues and highlights fundamental tensions between vendors who seek control and researchers who demand transparency and free communication about vulnerabilities. A complete resolution of the conflict is not in sight at present.
Source: borncity.com · Published June 2, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.8.