A full, public accounting of what happened in the SolarWinds case would have been devastating to Microsoft. ProPublica recently revealed that Microsoft had long known about — but refused to address — a flaw used in the hack. The tech company's failure to act reflected a corporate culture that prioritized profit over security and left the U.S. government vulnerable, a whistleblower said.
So far, the Cyber Safety Review Board has charted a different path.
The board is not independent — it's housed in the Department of Homeland Security. Rob Silvers, the board chair, is a Homeland Security undersecretary. Its vice chair is a top security executive at Google. The board does not have full-time staff, subpoena power or dedicated funding.
Silvers told ProPublica that DHS decided the board didn't need to do its own review of SolarWinds as directed by the White House because the attack had already been "closely studied" by the public and private sectors.
As a result, there has been no public examination by the government of the unaddressed security issue at Microsoft that was exploited by the Russian hackers. None of the SolarWinds reports identified or interviewed the whistleblower who exposed problems inside Microsoft.
In past statements, Microsoft did not dispute the whistleblower's account but emphasized its commitment to security. "Protecting customers is always our highest priority," a spokesperson previously told ProPublica. "Our security response team takes all security issues seriously and gives every case due diligence with a thorough manual assessment, as well as cross-confirming with engineering and security partners."
compare this to !applechads who have a public policy of don't talk about any security vulnerabilities until they are totally fixed to keep the stock high
So guys what is it? Did Microsoft use its typical mafia tactics to strong-arm federal oversight away from it? Or are Microsoft competitors eager to watch them fail and want them to keep on the current security lax path?
same reason this wasn't investigated very far
https://en.wikipedia.org/wiki/DDoS_attacks_on_Dyn
bill gates
There is no need to investigate what you already know. The backdoors are a feature.
you say you program in rust, but it seems you haven't actually released any software, curious?
Snapshots:
https://www.propublica.org/article/cyber-safety-board-never-investigated-solarwinds-breach-microsoft: