Will DormannMay 27

Microsoft, who banned Nightmare-Eclipse from their GitHub platform, conveys their displeasure with said individual

Along with a threat:

Our Digital Crimes Unit will continue bringing cases against these actors and those that enable their criminal activity – coordinating as needed with law enforcement around the world.

Also manages to sprinkle in a few references to not using CVD as being not "responsible". (Microsoft was a big proponent of the term "responsible disclosure", which has gone by the wayside because it tends to favor vendor-centric perspective in a subjective and moralizing way.)

A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure

Show threadChthonicMay 28
@wdormann It seems like Microsoft is also extending an olive-branch towards the end where they state they will work with any disclosure reported by whoever, regardless of reputation. From what I gather here it looks like they're laying the DCU threat while trying to keep a door open for negotiation with Nightmare-Eclipse. As a newbie, this is not how it usually goes correct? And there's no way for the public as third parties to verify either sides claims (did Nightmare-Eclipse report and then an agreement was not verified or did they simply not report at all?)
Show threadWill Dormann

@chthonic

Our Digital Crimes Unit will continue bringing cases against these actors and those that enable their criminal activity – coordinating as needed with law enforcement around the world.

This is not an olive branch. It's a threat.

May 28 at 12:06pmWeb