this post was submitted on 27 May 2026
818 points (99.2% liked)

Technology

84980 readers
3597 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
818
Microsoft's GitHub bans security researcher who posted zero-day Windows exploits because company 'ruined their life' — expert claims action is vindictive and promises further retaliation (www.tomshardware.com)
submitted 1 day ago by throws_lemy@reddthat.com to c/technology@lemmy.world
122 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] sonofearth@lemmy.world 21 points 16 hours ago* (last edited 16 hours ago) (2 children)

Didn't Google also recently used their stupid AI to find exploits in FFMPEG and then blackmailed them to fix it before deadline or they will release them to the public? If banning a dev for such "act" is right, then banning the company should also be right. Ban all of them.

[–] half_built_pyramids@lemmy.world 1 points 5 hours ago

The "vulnerability" in ffmpeg was only for an addon, which required a separate download by the user, which was only for a cinematic which was only in the game Star wars xwing vs tie fighter from the 90s, which would only occur at exactly 17s into the fmv.

[–] echodot@feddit.uk 9 points 15 hours ago (1 children)

There was a protocol for reporting security vulnerabilities. Of course some companies don't follow the protocol when vulnerabilities are reported to them, but that's their problem.

You report the problem and then you wait 1 month, if the company still hasn't fixed the issue by then, then you publicly announce it.

[–] jjlinux@lemmy.zip 1 points 10 hours ago (1 children)

Unless it is an open source piece of software, any vulnerability I find will be publicly posted while I remove all software using it from all my devices and infrastructure.

[–] echodot@feddit.uk 1 points 7 minutes ago

The thing is if you want to continue working in the industry you have to give people the benefit of the doubt and give them time to fix the issue. If you don't do that you're very quickly find yourself to be out of a job no one wants to lose cannon, is bad for business.