
Microsoft Threatens Legal Action Over Exploit Disclosure
Episode · 17:24 · Jun 8, 2026
About
Microsoft's handling of a zero-day disclosure dispute sparked fresh debate about responsible disclosure, public proof-of-concept exploit releases, and how vendors should treat security researchers. Tom and Scott discuss why disclosure exists in the first place, how bug bounty programs changed researcher incentives, what makes the Nightmare Eclipse case messy, and why legal threats can damage trust between vendors, researchers, and customers. The practical takeaway: researchers should follow coordinated disclosure whenever possible, but vendors need clear processes, appeals paths, and responses that prioritize fixing issues over intimidating the people who find them.

Show notes: https://sharedsecurity.net/2026/06/08/microsoft-threatens-legal-action-over-exploit-disclosure/
© 2026 Libsyn