GitHub has long been a source for zero days exploits in competitor products - it still is. While I worked there GitHub had a policy saying they wouldn’t remove them.

By continually removing just exploits for their own products from Github and declaring “criminal activity”, it’s a rubicon.

Do I think the finder was acting rationally? No. Do I think Microsoft gets to decide what is criminal activity around proof of concept exploits? No.

I’m deeply uncomfortable with Microsoft attempting to weaponise their extensive law enforcement contacts to arrest people who post zero days in the products.

It comes after the researcher was kicked off GitHub (owned by Microsoft), Gitlab (a Microsoft partner), after they were doxxed on Twitter and had their MSRC - Microsoft vulnerability reporting portal - account disabled.

https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure

RE: https://techhub.social/@Techmeme/116653554177369852

If anybody is wondering how this bubble hasn’t popped yet - I still run into companies with blockchain teams. Everybody pretended GameStop could buy eBay this month. Businesses are really good at huffing glue.

1.8 GB per emoji

One of the great lessons in life is that we built this.

All of it.

And we choose throughout our days how we will continue or change the world we have built.

We can build differently.

Beyond friggen pitiful and has to be among the absolute worst things to happen to the main portion of the White House since the British burned it during the War of 1812.
#USpol

“That is one helluva before and after.” - Zack Hunt