← Back to context

Comment by bitbasher

1 month ago

I can’t help but feel Microsoft will regret this.

Guy finds zero days and gets no compensation. Instead gets banned.

Guy sells zero days elsewhere.

But the story is supposedly about him posting the zero-day exploits, not selling them. It’s in the title.

He also got banned from Gitlab, which isn’t related to Microsoft at all.

Not to mention all the other people who find 0-days. Reputation matters a lot.

  • Yep, and its a really small world out there.

    If researchers stop believing MS will treat them fairly it's bad news for the entire security industry.

    • Well. Its a bad news for society as whole.

      Security industry going to be okay - someone will always pay for 0-days. If vendors wont pay its just gonna be US agencies, Israel resellers, China or Russia.

      If you don't feed your army, you will soon feed someone's else's.

      5 replies →

  • Not to mention all the startups being founded right now. Sure, github's still the default, and maybe you can still monetize stars or something, but it's also a clown show from an availability, feature roadmap and company policy perspective.

    Is it really fiscally responsible to tie your company's future to that?

    I wonder if anyone tracks metrics for this stuff. Percentage of stuff with a repo there is probably still high, but what's happening with stuff like github actions, and are devs directly pushing to github, or are they just mirroring an internal / other provider's git repo to it?

> Guy sells zero days elsewhere.

No problem. The CIA will give it's high level officers millions of dollars in gold bars simply for the asking. I'm sure purchasing exploits doesn't even require a purchase order.

Why would they regret it? According to the person who found them, they put those vulnerabilities there for a reason.