Microsoft’s incident response is getting a failing grade from researchers

A controversy between Microsoft and a researcher dubbed “Nightmare Eclipse” is described after the researcher publicly released proof-of-concept exploit code for several zero-day vulnerabilities (including an alleged BitLocker bypass) rather than following Microsoft’s coordinated disclosure process; Microsoft criticized the uncoordinated disclosures, warned they endanger customers, and said its Digital Crimes Unit will pursue legal action.