Tenable exposes Microsoft's irresponsible security practices and lack of transparency

economictimes.indiatimes.com:

Tenable has lodged a formal complaint against tech giant Microsoft, alleging a lack of transparency and irresponsible security practices. The Chairman and CEO of Tenable, Amit Yoran, took to LinkedIn to pen an open letter, exposing the irregularities they have uncovered. The incident dates back to March when the Tenable Research Team stumbled upon a critical flaw within Microsoft's Azure platform that allowed unauthorized access to sensitive data.

While Microsoft was alerted about the vulnerability, the company took a staggering 90 days to implement only a partial fix. Tenable claims that this security lapse has exposed numerous customers, including a bank, to potential cyberattacks. The cloud providers' shared responsibility model, designed to protect customers, becomes compromised when vendors fail to promptly notify users about issues and apply necessary fixes.

The matter has gained further attention with Senator Ron Wyden recently urging the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Justice, and the Federal Trade Commission (FTC) to hold Microsoft accountable for its recurring pattern of negligent cybersecurity practices, which has allegedly enabled Chinese espionage against the United States government. Data from Google Project Zero has indicated that Microsoft products have accounted for a significant 42.5% of all zero-day vulnerabilities discovered since 2014. A member of Tenable's Research team detailed how they had discovered an alarming issue in March 2023.