{"id":1511,"date":"2023-08-02T18:12:21","date_gmt":"2023-08-02T18:12:21","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=76021"},"modified":"2023-08-02T18:12:21","modified_gmt":"2023-08-02T18:12:21","slug":"tenable-ceo-accuses-microsoft-of-negligence-in-addressing-security-flaw","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/08\/02\/tenable-ceo-accuses-microsoft-of-negligence-in-addressing-security-flaw\/","title":{"rendered":"Tenable CEO accuses Microsoft of negligence in addressing security flaw"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v20.5 (Yoast SEO v20.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop<\/title> <meta name=\"description\" content=\"Cybersecurity veteran Amit Yoran says Microsoft has a culture of toxic obfuscation when it comes to addressing security threats.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/tenable-microsoft-negligence-security-flaw\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Tenable CEO accuses Microsoft of negligence in addressing security flaw\"> <meta property=\"og:description\" content=\"Cybersecurity veteran Amit Yoran says Microsoft has a culture of toxic obfuscation when it comes to addressing security threats.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/tenable-microsoft-negligence-security-flaw\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-08-02T18:12:21+00:00\"> <meta property=\"article:modified_time\" content=\"2023-08-02T18:12:22+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/tenable-ceo-accuses-microsoft-of-negligence-in-addressing-security-flaw-1.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1318\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/cdn.parsely.com\">\n<link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-0\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1689625837g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-4\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1690916638g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1690549404g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=008d053dcbaaeb47b822\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/76021\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<link rel=\"wlwmanifest\" type=\"application\/wlwmanifest+xml\" href=\"https:\/\/cyberscoop.com\/wp-includes\/wlwmanifest.xml\">\n<meta name=\"generator\" content=\"WordPress 6.2.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=76021\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftenable-microsoft-negligence-security-flaw%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftenable-microsoft-negligence-security-flaw%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-76021 single-format-standard\" id=\"readabilityBody\"> <svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-dark-grayscale\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0 0.49803921568627\" \/><feFuncG type=\"table\" tableValues=\"0 0.49803921568627\" \/><feFuncB type=\"table\" tableValues=\"0 0.49803921568627\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-grayscale\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0 1\" \/><feFuncG type=\"table\" tableValues=\"0 1\" \/><feFuncB type=\"table\" tableValues=\"0 1\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-purple-yellow\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0.54901960784314 0.98823529411765\" \/><feFuncG type=\"table\" tableValues=\"0 1\" \/><feFuncB type=\"table\" tableValues=\"0.71764705882353 0.25490196078431\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-blue-red\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0 1\" \/><feFuncG type=\"table\" tableValues=\"0 0.27843137254902\" \/><feFuncB type=\"table\" tableValues=\"0.5921568627451 0.27843137254902\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-midnight\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0 0\" \/><feFuncG type=\"table\" tableValues=\"0 0.64705882352941\" \/><feFuncB type=\"table\" tableValues=\"0 1\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-magenta-yellow\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0.78039215686275 1\" \/><feFuncG type=\"table\" tableValues=\"0 0.94901960784314\" \/><feFuncB type=\"table\" tableValues=\"0.35294117647059 0.47058823529412\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-purple-green\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0.65098039215686 0.40392156862745\" \/><feFuncG type=\"table\" tableValues=\"0 1\" \/><feFuncB type=\"table\" tableValues=\"0.44705882352941 0.4\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-blue-orange\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0.098039215686275 1\" \/><feFuncG type=\"table\" tableValues=\"0 0.66274509803922\" \/><feFuncB type=\"table\" tableValues=\"0.84705882352941 0.41960784313725\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg> <a href=\"https:\/\/cyberscoop.com\/tenable-microsoft-negligence-security-flaw\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.018633540373\">\n<div class=\"single-article__header-content\" readability=\"30.357142857143\">\n<p> Cybersecurity veteran Amit Yoran says Microsoft has a culture of toxic obfuscation when it comes to addressing security threats. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"439\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/tenable-ceo-accuses-microsoft-of-negligence-in-addressing-security-flaw.jpg?resize=640%2C439&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/tenable-ceo-accuses-microsoft-of-negligence-in-addressing-security-flaw-1.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/tenable-ceo-accuses-microsoft-of-negligence-in-addressing-security-flaw-1.jpg?resize=300,206 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/tenable-ceo-accuses-microsoft-of-negligence-in-addressing-security-flaw-1.jpg?resize=768,527 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/tenable-ceo-accuses-microsoft-of-negligence-in-addressing-security-flaw-1.jpg?resize=1024,703 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/tenable-ceo-accuses-microsoft-of-negligence-in-addressing-security-flaw-1.jpg?resize=1536,1054 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/tenable-ceo-accuses-microsoft-of-negligence-in-addressing-security-flaw-1.jpg?resize=600,412 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/tenable-ceo-accuses-microsoft-of-negligence-in-addressing-security-flaw-1.jpg?resize=245,168 245w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/tenable-ceo-accuses-microsoft-of-negligence-in-addressing-security-flaw-1.jpg?resize=491,337 491w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/tenable-ceo-accuses-microsoft-of-negligence-in-addressing-security-flaw-1.jpg?resize=983,675 983w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/tenable-ceo-accuses-microsoft-of-negligence-in-addressing-security-flaw-1.jpg?resize=1228,843 1228w\" sizes=\"(max-width: 983px) 100vw, 983px\"><figcaption> Amit Yoran, CEO of Tenable, testified about encryption policies at a House Energy and Commerce Subcommittee hearing on Capitol Hill on April 19, 2016. At the time, he was president of RSA Security. (SAUL LOEB\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"47.073030363167\"><body readability=\"95.561804572122\"><\/p>\n<p>Veteran cybersecurity executive Amit Yoran accused Microsoft on Wednesday of dragging its feet on fixing a critical vulnerability affecting its Azure platform and said the tech giant\u2019s slow response illustrates a negligent approach to security. <\/p>\n<p>His harsh public critique of Microsoft \u2014 a relatively rare event for a high-profile corporate figure in cybersecurity \u2014 follows criticism from lawmakers and researchers alike after a recent cyberattack affecting U.S. government officials resulted from a Microsoft security lapse. <\/p>\n<p>As the CEO of Tenable, a firm that helps companies understand and mitigate their cybersecurity vulnerabilities, Yoran said he works with hundreds of companies every year to disclose and patch vulnerabilities. Microsoft, he said, consistently fails to proactively and professionally address vulnerabilities in their products. <\/p>\n<p>\u201cIn Microsoft\u2019s case you have a culture which denies the criticality of vulnerabilities,\u201d Yoran told CyberScoop in an interview. &nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The former national cybersecurity director at the Department of Homeland Security, Yoran detailed his concerns with Microsoft\u2019s approach to addressing vulnerabilities in <a href=\"https:\/\/www.linkedin.com\/pulse\/microsoftthe-truth-even-worse-than-you-think-amit-yoran%3FtrackingId=hE4qd2mSSwmpSoVPqfWAAw%253D%253D\/?trackingId=hE4qd2mSSwmpSoVPqfWAAw%3D%3D\" target=\"_blank\" rel=\"noreferrer noopener\">a blog post published Wednesday<\/a> after researchers at his company identified a critical vulnerability in a Microsoft Azure product, informed Microsoft of the flaw and then waited in vain for the technology to address the issue. <\/p>\n<p>The flaw allowed Tenable\u2019s research to, among other things, access a bank\u2019s authentication secrets, but four months after it was disclosed to Microsoft, the vulnerability still hasn\u2019t been properly patched, Yoran said.<\/p>\n<p>According to <a href=\"https:\/\/www.tenable.com\/security\/research\/tra-2023-25\" target=\"_blank\" rel=\"noreferrer noopener\">a timeline in a limited blog published to Tenable\u2019s website<\/a>, Microsoft acknowledged the issue the same day it was disclosed on March 30, and confirmed it four days later. Tenable asked for an update June 27 and was told on July 6 that it was fixed, but Tenable says it was merely a partial fix. On July 21, Microsoft told Tenable that it would take until Sept. 28 for a complete fix. Tenable agreed to withhold technical details and proofs-of-concept until Sept. 28. <\/p>\n<p>In his blog post, Yoran described Microsoft\u2019s approach to addressing the issue as \u201cgrossly irresponsible, if not blatantly negligent.\u201d More than 120 days since the vulnerability was reported, the bank in question remains vulnerable, Yoran wrote, adding that many vulnerable organizations \u201cstill have no idea they are at risk and therefore can\u2019t make an informed decision about compensating controls and other risk mitigating actions.\u201d <\/p>\n<p>A spokesman for Microsoft did not immediately reply to a request for comment. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Yoran\u2019s broadside against Microsoft come amid growing scrutiny of Microsoft in Washington after one of the company\u2019s products was abused by hackers based in China <a href=\"http:\/\/cyberscoop.com\/china-hackers-email-us-government\/\" target=\"_blank\" rel=\"noreferrer noopener\">to steal the email messages of senior U.S. officials<\/a>. In that incident, hackers based in China were able to steal an encryption key that they could then use to forge authentication tokens, and security researchers have sharply criticized the company for not only allowing an encryption key to be stolen but for building a computing architecture in which tokens could be forged in this way at all. <\/p>\n<p>The incident <a href=\"https:\/\/cyberscoop.com\/microsoft-china-breach-encryption-key\/\" target=\"_blank\" rel=\"noreferrer noopener\">spurred Sen. Ron Wyden, D-Ore., to call Microsoft \u201cnegligent\u201d<\/a> in its security practices and request that the Justice Department investigate whether Microsoft\u2019s actions in the incident broke the law. <\/p>\n<p>While Microsoft has insisted that the Chinese operation was highly targeted, research by the cloud security company <a href=\"https:\/\/www.wiz.io\/blog\/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr#applications-supporting-personal-microsoft-accounts-only-29\" target=\"_blank\" rel=\"noreferrer noopener\">Wiz suggests the incident<\/a> may have been more broad than first understood \u2014 a claim Microsoft has dismissed as speculative. <\/p>\n<p>The vulnerability discovered by Tenable allowed \u201can unauthenticated attacker to access cross-tenant applications and sensitive data, such as authentication secrets,\u201d according to Yoran\u2019s blog post. It appears that vulnerability does not exploit the same types of authentication flaws seen in the recent incident involving Chinese hackers, but may add pressure on Microsoft to improve its security practices. <\/p>\n<p>Industry professionals and government officials pointed out that the Chinese operation was only detected because a government agency was paying additional money for more sensitive logging capabilities. Microsoft later reversed that policy and <a href=\"https:\/\/cyberscoop.com\/microsoft-logging-china-hacking\/\" target=\"_blank\" rel=\"noreferrer noopener\">expanded logging visibility and retention<\/a> for certain customers.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Yoran, who has grown increasingly <a href=\"https:\/\/www.linkedin.com\/pulse\/microsofts-vulnerability-practices-put-customers-risk-amit-yoran\/?trackingId=1HKaxJVrQO6dQQJitM1eLw%3D%3D\" target=\"_blank\" rel=\"noreferrer noopener\">critical of Microsoft in recent years<\/a>, told CyberScoop that the company\u2019s dominant position in the technology ecosystem makes many computer security researchers hesitant to speak up about its security practices but that doing so is especially important given the ubiquity of its products. <\/p>\n<p>\u201cMicrosoft is a pretty strategic problem in the security space given their pervasiveness of their software, of their infrastructure,\u201d Yoran said. \u201cI also think they have to be part of the solution.\u201d <\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/tenable-microsoft-negligence-security-flaw\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tenable CEO accuses Microsoft of negligence in addressing security flaw<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[702,271,78,625,288,643,703],"tags":[704,277,86,630,294,645,705],"class_list":["post-1511","post","type-post","status-publish","format-standard","hentry","category-amit-yoran","category-china","category-cybersecurity","category-microsoft","category-threats","category-vulnerabilities","category-vulnerability-disclosure","tag-amit-yoran","tag-china","tag-cybersecurity","tag-microsoft","tag-threats","tag-vulnerabilities","tag-vulnerability-disclosure"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/amit-yoran\/\" rel=\"category tag\">Amit Yoran<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-disclosure\/\" rel=\"category tag\">vulnerability disclosure<\/a>","tag_info":"vulnerability disclosure","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1511","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1511"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1511\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1511"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1511"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1511"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}