zaicurity@AAKL @tomshardware I remember a researcher complaining heavily on Twitter about Microsoft not paying multiple bounties years ago (before Twitter became the shit hole is today). I wonder if it’s the same guy. The type of vulns/exploits would fit imho.
Adriaan@zaicurity @AAKL @tomshardware It does feel a lot like polarbear/sandboxescaper (at least that's the vibe i'm getting not saying that it is)
@adriaan @AAKL @tomshardware I’m thinking of someone else and his old posts are still up. Not going to throw up a name based on a hunch though. While searching around I found some other people who had similar frustrations with Microsoft’s bug bounty, though. They sure know how to piss people off.
Will Dormann@zaicurity @adriaan @AAKL @tomshardware
They sure know how to piss people off.
This is a fact. My most recent interaction with MSRC was to report a vulnerability that was clearly explained in a single sentence. Their response? We need a video POC (proof of concept) on how the said vulnerability is being exploited.
Without the above information we are unable to make progress on this report.