“They [Microsoft] took more than 90 days to implement a partial fix – and only for new applications loaded in the service.”
In a recent article, Amit Yoran, the Chairman and CEO of Tenable, criticised Microsoft for its cybersecurity practices. He mentioned that Senator Ron Wyden had written to various government agencies, urging them to hold Microsoft accountable for negligent cybersecurity practices that have allowed Chinese espionage against the US government. Data from Google Project Zero showed that Microsoft products were responsible for a significant number of “zero-day” vulnerabilities since 2014.
Yoran criticised Microsoft’s lack of transparency regarding breaches, security practices, and vulnerabilities. He highlighted an incident where a member of Tenable’s research team found a serious security issue in Microsoft’s Azure platform that could allow unauthorised access to sensitive data. Despite reporting this to Microsoft, they took more than 90 days to partially address the issue, leaving many customers exposed. Yoran emphasized that cloud providers should promptly notify customers of issues and openly apply fixes.
Yoran questioned Microsoft’s claims of trustworthiness due to their history of behavior. He expressed concern that their actions put customers at risk and called for greater transparency in revealing vulnerabilities and breaches.
The article also contained comments from other cybersecurity experts who shared similar concerns about Microsoft’s practices and urged for better collaboration and responsiveness in addressing cybersecurity challenges.
And fans definitely had something to say about it.
Many people agree with the CEO’s criticism, and it has sparked a debate on LinkedIn.
Update: Microsoft fixed this problem for new connectors by making sure they need special keys to work. They also fixed the issue for existing connectors. The researcher reported the issue to Microsoft and worked with them to solve it. The details about this issue were released in an advisory.