
Microsoft has for over two decades been one of the largest and most sophisticated employers of security talent in the industry, and for a run of about 8 years probably singlehandedly created the market for vulnerability research by contracting out to vulnerability research vendors.

Leadership at Microsoft is different today than when the process of Microsoft's security maturation took place, but I'll note that through that whole time nerd message boards relentlessly accused them of being performative and naive about security.




It would help if there weren't all these employees and ex-employees stepping forward to talk about how Microsoft is performative and naive about security. I won't go as far as to say that, but I will say I don't think my incentives as an IC lined up with the security-focused mindset that company execs tout publicly.


I don't think anything is going to help here; it's just a message board fixity that companies like Microsoft are unserious about security.


Same Microsoft got their master authentication secret stolen and they still don't know how that happened.

It's also turned out that it's impossible to revoke or cycle that secret. The whole issue is so hushed now, I don't know what happened at the end.

Same Microsoft one of their license golden keys on some installation media, too.

Even if they're serious about security, these events don't look good.


I don't know what "looks good" means. Every major tech company has had multiple bad things happen that would look very bad to people on a message board.


None of them got their two different, non-revocable master keys stolen, I may say.


It's been a while now but at one point, just about every giant tech company simply make install'ed a key-material-leaking TLS bug on just about every endpoint they ran. The bug was introduced by, effectively, some guy on the internet. It implemented a feature statistically nobody was going to use.

It's trivial to re-frame all sorts of mishaps as evidence of unseriousness about security, especially if done selectively and in hindsight. It doesn't really tell you much of anything meaningful.


I remember that incident.

I think there's a difference between compiling and installing buggy software and developing the whole infrastructure yourself on top of the operating system that you solely develop and build.

But that's me.


Microsoft isn't a single entity! Like any large corporation there are many teams and people doing great work, and there are many teams and people incentivized to downplay that work.



