Following revelations about Verizon giving phone data to the NSA and the NSA’s wide-reaching data collection operation, the floodgates of anonymous government sources have been opened. Almost every day there’s some new revelation about how a major tech company was working with the US government without the knowledge of users.
Microsoft is back on that list. Bloomberg News reported overnight that the company is giving the government information about security flaws in its products before releasing public fixes for them.
A Microsoft spokesman told Bloomberg that such practices are used to give the government a head start on risk management. In other words, it’s a way of giving the US a means of defending against zero-day exploits — online attacks against unpatched vulnerabilities.
But as it turns out, that knowledge may not only be used for defense. According to Bloomberg’s anonymous sources, the advance knowledge has “allowed the U.S. to exploit vulnerabilities in software sold to foreign governments.”
What do you think? Is Microsoft right to disclose vulnerabilities to the government, even if that means they’re then used to spy on others?