GITHUB BANS RESEARCHER OVER ZERO-DAY WINDOWS POSTS
DEV DESK
FRI, MAY 29, 2026 ■ AI-SUMMARIZED FROM 1 SOURCE
GitHub has suspended a security researcher's account after they published proof-of-concept exploits for Windows zero-day vulnerabilities. The researcher claims the ban is retaliation for exposing flaws Microsoft failed to address.
Microsoft's GitHub platform removed the researcher's account following posts containing working exploits for unpatched Windows security vulnerabilities. The researcher alleges the ban stems from Microsoft's handling of the vulnerability disclosure process and claims the company ignored responsible reporting attempts.
According to the researcher, Microsoft declined to address the security issues within standard timeframes, prompting the decision to publish the exploits. They characterize GitHub's enforcement action as vindictive and suggest further escalation could follow.
The incident highlights ongoing tensions in the cybersecurity community over vulnerability disclosure policies. Security researchers often face difficult choices when vendors fail to patch known flaws: stay silent while systems remain vulnerable, or publish details that help defenders understand risks while potentially aiding attackers.
GitHub's terms of service prohibit posting exploits and malicious code, giving the platform grounds for enforcement. However, researchers argue such policies can conflict with public safety when vendors neglect patches.
The case reflects broader friction between technology companies and security researchers. Microsoft has faced previous criticism over slow patch cycles and communication gaps during vulnerability management. Researchers increasingly question whether traditional disclosure timelines work when companies deprioritize fixes.
The suspension highlights the power dynamics at play: GitHub controls the primary platform many researchers use to share work, while researchers depend on these channels to coordinate around critical security issues.
No official statement from Microsoft or GitHub addressing specific details has been released. The incident drew attention across security forums, with some supporting the researcher's position while others argue published exploits pose legitimate risks regardless of underlying disputes.
■ SOURCES
► Hacker News
■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE