> Thank you for reporting it and not selling it on the black market!
I disagree. If MS is going to treat major issues like this then researchers should be selling them to the highest bidder. Maybe that way they'll actually treat disclosures properly.
Not selling this is the real crime here. Microsoft's conduct in this case deserves much worse than just that.
Hoping for a reward now is obviously not going to happen - the best you can hope for as a response to an act like this is legal action. In a vindictive way, you can definitely hope they will get significantly damaged by this and in that way learn their lesson, but I doubt it.
Sorry if I am just obtuse but I don’t see a timeline in the linked report on GitHub. All I can see is that you tested against a version of Teams from 2020-08-31. Being able to see the complete timeline of communication with MS from discovery to public disclosure is not necessary but would give a more complete picture of how this went down, and I’d like to see it too if it’s not such a hassle.
GekkePrutser|5 years ago
I agree the categorisation is very bad.
I hope raising this here will help you getting rewarded properly.
driverdan|5 years ago
I disagree. If MS is going to treat major issues like this then researchers should be selling them to the highest bidder. Maybe that way they'll actually treat disclosures properly.
krageon|5 years ago
Hoping for a reward now is obviously not going to happen - the best you can hope for as a response to an act like this is legal action. In a vindictive way, you can definitely hope they will get significantly damaged by this and in that way learn their lesson, but I doubt it.
csnover|5 years ago
oskarsv|5 years ago
There is little value in going through the email chains to note each date:(. Final decision was made 2020-11-19