Tenable CEO and Chairman calls out Microsoft for unacceptable cybersecurity practices
Posted: Thursday, Aug 10

i 3 Table of Contents

Tenable CEO and Chairman calls out Microsoft for unacceptable cybersecurity practices

“They [Microsoft] took more than 90 days to implement a partial fix – and only for new applications loaded in the service.”

In a recent article, Amit Yoran, the Chairman and CEO of Tenable, criticised Microsoft for its cybersecurity practices. He mentioned that Senator Ron Wyden had written to various government agencies, urging them to hold Microsoft accountable for negligent cybersecurity practices that have allowed Chinese espionage against the US government. Data from Google Project Zero showed that Microsoft products were responsible for a significant number of “zero-day” vulnerabilities since 2014.

Yoran criticised Microsoft’s lack of transparency regarding breaches, security practices, and vulnerabilities. He highlighted an incident where a member of Tenable’s research team found a serious security issue in Microsoft’s Azure platform that could allow unauthorised access to sensitive data. Despite reporting this to Microsoft, they took more than 90 days to partially address the issue, leaving many customers exposed. Yoran emphasized that cloud providers should promptly notify customers of issues and openly apply fixes.

Yoran questioned Microsoft’s claims of trustworthiness due to their history of behavior. He expressed concern that their actions put customers at risk and called for greater transparency in revealing vulnerabilities and breaches. 

The article also contained comments from other cybersecurity experts who shared similar concerns about Microsoft’s practices and urged for better collaboration and responsiveness in addressing cybersecurity challenges.

And fans definitely had something to say about it.

Many people agree with the CEO’s criticism, and it has sparked a debate on LinkedIn. 

Update: Microsoft fixed this problem for new connectors by making sure they need special keys to work. They also fixed the issue for existing connectors. The researcher reported the issue to Microsoft and worked with them to solve it. The details about this issue were released in an advisory.

Karissa Breen
Karissa Breen, crowned a LinkedIn ‘Top Voice in Technology’, is more commonly known as KB. A serial Entrepreneur that Co-Founded the TMFE Group, a holding company and consortium of several businesses all relating to cybersecurity including, an industry-leading media platform, a marketing agency, a content production studio, and the executive headhunting firm, MercSec. KBI.Media is an independent and agnostic global cyber security media company led by KB at the helm of the journalism division. As a Cybersecurity Investigative Journalist, KB hosts her flagship podcast, KBKast, interviewing cybersecurity practitioners around the globe on security and the problems business executives face. It has been downloaded in 65 countries with more than 300K downloads globally, influencing billions in cyber budgets. KB asks hard questions and gets real answers from her guests, providing a unique, uncoloured position on the always evolving landscape of cybersecurity. As a Producer and Host of the streaming show, 2Fa.tv, she sits down with experts to demystify the world of cybersecurity and provide genuine insight to businesses executives on the downstream impacts cybersecurity advancement and events have on our wider world.
Share This