There’s been a string of security blunders in Azure in the last couple years but leaking a signing key and then trying to downplay it is really beyond the pale
There’s been a string of security blunders in Azure in the last couple years but leaking a signing key and then trying to downplay it is really beyond the pale
How I see Microsoft “Security”:
When someone reports a glaring hole in an MS product, they probably ask nicely at the CIA and NSA if they want to buy the security vulnerability for their own nefarious causes, or, if they know it already, whether MS is allowed to close the hole in the foreseeable future.
And then they basically do nothing, as finding, fixing, and patching all costs money. And admitting that ones product has more holes than a pair of nylon pantyhose after a run though the brambles is bad for marketing, too.