Connor Jones reports:
A vulnerability analyst and prominent member of the infosec industry has blasted Microsoft for refusing to look at a bug report unless he submitted a video alongside a written explanation.
Senior principal vulnerability analyst Will Dormann said last week he contacted Microsoft Security Response Center (MSRC) with a clear description of the bug and supporting screenshots, only to be told that his report wouldn’t be looked at without a video.
MSRC told Dormann: “As requested, please provide clear video POC (proof of concept) on how the said vulnerability is being exploited? We are unable to make any progress without that. It will be highly appreciated.”
Frustrated with Microsoft’s demand, which Dormann said would only show him typing commands that were already depicted in the screenshots, and hitting Enter in CMD, the analyst created a video laden with malicious compliance.
Read more at The Register.