MICROSOFT has faced backlash from the research community for suggesting that the public release of proof-of-concept exploits for undisclosed vulnerabilities constitutes criminal activity. Kevin Beaumont discusses the conflict involving a user named Nightmare Eclipse, who has publicly released exploits for unpatched vulnerabilities, claiming mistreatment from Microsoft.
A Microsoft blog emphasizes that disclosures without prior coordination risk the safety of customers, and asserts the company's commitment to tracking and prosecuting those who exploit such disclosures. Critics argue that Microsoft's definition of responsible disclosure is overly restrictive and question the effectiveness of its security response processes.