After Microsoft admitted its Azure platform had been breached by Chinese hacking group Storm-0558, chairman and CEO of network security giant Tenable, Amit Yoran, took to Microsoft-owned social platform LinkedIn to air his grievances against Microsoft's security practices.
Citing a letter recently sent by US Senator Ron Wyden to the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Justice (DoJ), and the Federal Trade Commission (FTC), Yoran calls for Microsoft to answer for the "lack of transparency" and a "repeated pattern of negligent cybersecurity practices, which has enabled Chinese espionage against the United States government" (via The Verge).
That's quite the accusation, and the Google Project Zero numbers seem to add insult to injury, as Yoran notes "Microsoft products have accounted for an aggregate 42.5% of all zero days discovered since 2014".
Yoran's main argument centres around the Azure hack. He says members of Tenable's research team had previously been checking for potential Azure security issues, only to quickly gain access to some pretty sensitive bank authentication details.
His team notified Microsoft as soon as they realised the severity of the issue, and Yoran is pretty upset with the seemingly blasé attitude taken over the matter.
"Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers' networks and services? Of course not. They took more than 90 days to implement a partial fix – and only for new applications loaded in the service."
120 days later, when Yoran's post goes up, those bank details remain exposed. And while Microsoft promises to fix the issues by September, Yoran makes clear his feelings that a four-month wait for a fix is "grossly irresponsible, if not blatantly negligent."