Haifei Li
As I said previously, the MSRC and all security folks I engaged with are mostly very nice in person, the security improvements in Microsoft software and services are what we could see in our labs and during our daily research, the ~17M yearly bounty payouts are real, and many more. IMO MSRC has been an absolute leader and has basically defined what the vendor Security Responses look like today (I recall a lot of *SRCs). There’s definitely zero reason for Microsoft to kill all the decades-long good efforts and community relationships in one single post (can’t imagine that😅). There were and there will sometimes be cases that are very hard to deal with, no doubt. If things go bad, I will complain bad. But with more effective and direct communications, I think (at least I hope) we can improve continuously. Overall, I’m personally very happy to see this clarification coming out and hopefully this drama can be resolved peacefully.