Tenable CEO and Chairman calls out Microsoft for unacceptable cybersecurity practices
Posted: Thursday, Aug 10

i 3 Table of Contents

Tenable CEO and Chairman calls out Microsoft for unacceptable cybersecurity practices

“They [Microsoft] took more than 90 days to implement a partial fix – and only for new applications loaded in the service.”

In a recent article, Amit Yoran, the Chairman and CEO of Tenable, criticised Microsoft for its cybersecurity practices. He mentioned that Senator Ron Wyden had written to various government agencies, urging them to hold Microsoft accountable for negligent cybersecurity practices that have allowed Chinese espionage against the US government. Data from Google Project Zero showed that Microsoft products were responsible for a significant number of “zero-day” vulnerabilities since 2014.

Yoran criticised Microsoft’s lack of transparency regarding breaches, security practices, and vulnerabilities. He highlighted an incident where a member of Tenable’s research team found a serious security issue in Microsoft’s Azure platform that could allow unauthorised access to sensitive data. Despite reporting this to Microsoft, they took more than 90 days to partially address the issue, leaving many customers exposed. Yoran emphasized that cloud providers should promptly notify customers of issues and openly apply fixes.

Yoran questioned Microsoft’s claims of trustworthiness due to their history of behavior. He expressed concern that their actions put customers at risk and called for greater transparency in revealing vulnerabilities and breaches. 

The article also contained comments from other cybersecurity experts who shared similar concerns about Microsoft’s practices and urged for better collaboration and responsiveness in addressing cybersecurity challenges.

And fans definitely had something to say about it.

Many people agree with the CEO’s criticism, and it has sparked a debate on LinkedIn. 

Update: Microsoft fixed this problem for new connectors by making sure they need special keys to work. They also fixed the issue for existing connectors. The researcher reported the issue to Microsoft and worked with them to solve it. The details about this issue were released in an advisory.

Karissa Breen
Karissa Breen, who's been crowned LinkedIn Top Voice in Technology, and is more commonly known as KB is a serial Entrepreneur who is the Co-Founder of TMFE Group, which is a holding company that holds three businesses relating to cybersecurity including, KBI.Media, KBI.Digital and MercSec. KBI.Media, are an independent and agnostic global cyber security multi-media company. KB who leads the journalism division and is a Cyber Security Investigative Journalist who hosts her flagship podcast, KBKast, and interviews cyber security practitioners around the globe about security and the problems business executives face. KB likes to ask real questions and gets real answers from her guests, providing a unique yet neutral position on these topics. KB is the Producer and Host of the streaming show, http://2Fa.tv , where she asks hard questions to demystify the world of cyber security, to provide insight of the world of security to businesses executives and focuses on the downstream impacts these cyber security events have on our markets. KB leads with her audience first and asks the hard questions to derive outcomes to her viewership. KB has interviewed cybersecurity practitioners in the public and private sector across the globe. KBKast, has been downloaded in 65 countries with more than 300K downloads globally. This podcast alone influences billions in cyber budgets.
Share This