The disclosure timeline on this post is just not acceptable by Microsoft.

I made this plea on Twitter a while ago - security researchers, please include full timelines like this in disclosures. This one isn’t isolated. The more this kind of thing comes out in public, the more it forces cloud providers to properly resource security fixes.

https://www.tenable.com/security/research/tra-2023-25

Discussion

One thing I’ve noticed is Mandiant now assign their own CVE-like numbers to cloud provider vulnerabilities like this.

There really needs to be a proper, commonly agreed upon system like CVE for this (not run by Google). I know there are attempts at this, I hope they take off.

The illusion the cloud is magically secure is just that; an illusion. At the minute cloud providers are hiding behind lack of regulation, lack of transparency & deliberate subterfuge to protect shareholders. It’s not great.