Microsoft under fire for threatening security researcher with criminal investigation
After a security researcher published a series of unpatched bugs in Microsoft products, along with code to exploit them, the company is now threatening to take legal action and call the cops on them. Microsoft’s veiled threat reignites a long-running argument over what responsibility, if any, security researchers have to disclose vulnerabilities affecting large and wealthy tech giants.
On Wednesday, Microsoft published a blog post criticizing the researcher, who goes by the handle “Nightmare Eclipse,” for publicly disclosing a series of bugs, including BlueHammer, RedSunUnDefend, and YellowKey. The flaws affected products such as Defender, the antivirus engine built into Windows, and the disk-encryption tool BitLocker.
The core of Microsoft’s complaints is that the researcher did not attempt to report the bugs so that the company could fix them. That would have been “responsible,” as Microsoft’s blog put it. The other side of the company’s argument is that...
Copyright of this story solely belongs to techcrunch.com.