Security Researcher Discloses VS Code Zero-Day After Microsoft Disclosure Process Breakdown
A security researcher publicly disclosed a zero-day vulnerability in VS Code after Microsoft's disclosure process failed, causing a breakdown in trust. This is a critical issue because it erodes trust in Microsoft's processes, which leads to delayed patch deployment, a wider window for exploitation, and reputational damage. The researcher felt that Microsoft's handling of the vulnerability was unreliable, opaque, and inefficient, and so chose public disclosure, which is a last resort. The incident highlights the importance of transparent and reliable communication in the vulnerability disclosure process.