Andrew Harris, a former Microsoft employee, discovered a security flaw in a widely-used Microsoft product that could allow attackers to compromise sensitive data. Despite flagging the issue for years, Microsoft dismissed his warnings, prioritizing profit over security. The flaw was later exploited in the SolarWinds hack by state-sponsored Russian hackers, compromising data from federal agencies and top officials’ emails. Microsoft’s culture of favoring new product development over security fixes led to the dismissal of Harris’ concerns, showcasing the company’s priorities. This investigation reveals the tradeoff between security and profit in the tech industry, shedding light on how major companies handle cybersecurity challenges.
https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers