Microsoft has criticized the public disclosure of zero-day security flaws, right after deleting a researcher's account on GitHub. This action directly affects ordinary users, as it delays the correction of vulnerabilities in everyday software like Windows or Office. Digital protection depends on a balance between transparency and corporate control.
The cost of silencing researchers 🔍
When a company deletes the account of a researcher who reports flaws, it creates a chilling effect: other experts hesitate before sharing critical vulnerabilities. This stretches remediation timelines and leaves millions of users exposed. Without public access to the information, patches take longer to arrive, the update cycle slows down, and cybercriminals exploit the window of opportunity. Security improves with more collaboration, not with less information.
The patch that never came (because they deleted the messenger) 🛡️
It seems Microsoft prefers to kill the messenger rather than read the message. If a researcher finds a critical error in Office, the response is apparently to delete their GitHub account and then complain that people are reporting it. So, instead of a quick patch, users receive a corporate statement and the hope that the next zero-day won't be the one that empties their bank account. Good thing security comes first.