
I would give the one engineer the credit for doing things better, not Microsoft. Microsoft's overall culture of security is terrible. Look at the CISA report.


Okay, so I give the team that put this together credit. Hopefully the parent company sees based on this that it's worth letting teams invest more in quality and security work, over features.


We should give all the credit to the Product Manager because he told the engineers to make it secure.


Let's send a thank-you letter to Bill Gates.


I presume you mean Bill Gates Sr. because he fathered Bill Gates.


Microsoft has islands of security excellence in what these days is a sea of mediocrity.


What CISA report?


I’m guessing they mean this one:

https://www.cisa.gov/news-events/bulletins/sb25-167

> Microsoft--Microsoft 365 Copilot

> Description Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

> Published 2025-06-11

> CVSS Score 9.3

> Source Info CVE-2025-32711

https://www.cve.org/CVERecord?id=CVE-2025-32711

And maybe they are referring to this engineer from the linked advisory notes?

https://msrc.microsoft.com/update-guide/vulnerability/CVE-20...

> Acknowledgements

> Arantes (@es7evam on X) with Microsoft Aim Labs (Part of Aim Security)



Not OP, but guessing they were referencing this one:

https://www.cisa.gov/resources-tools/resources/CSRB-Review-S...




