Microsoft’s stance on zero day exploits is a dumpster fire of their own making
Security researcher Kevin Beaumont criticizes Microsoft's characterization of zero-day exploit publication as 'criminal activity,' arguing it misuses GitHub ownership to suppress vulnerability disclosures for its own products while allowing the same for competitors. He highlights the hypocrisy given Microsoft's history of hiring researchers who publicly released zero-days, purchasing exploits from brokers, and employing people who discussed selling exploits to adversarial nations. Beaumont warns that criminalizing responsible disclosure failures would harm the broader security community and prioritize corporate interests over collective cyber defense.