Comment by lionkor

4 hours ago

I understand that there's frustration with MSRC, but surely the right move is to keep doing things right to the best of your abilities.

Like, disclose it, wait a week, publish it. That seems, to me, like it would avoid almost all the bad press this is getting, and shows that the researcher DOES care about actual security and not just recognition from MSFT.

1 comment

lionkor

Reply
insanitybit  4 hours ago

It's up to the researcher to make the call. Maybe they feel that it's best to disclose to bring attention to the MSRC problem - arguably, that'll be massively better for security longer term vs a point in time vuln disclosure.