Will Dormann, a noted vulnerability analyst, criticized Microsoft for requiring video evidence alongside his bug report, despite already providing detailed screenshots. His frustration grew when Microsoft insisted they couldn't proceed without a video, prompting Dormann to create a 15-minute mock video showcasing inactivity instead of a legitimate exploit demonstration. He highlighted that such demands for video proof were unusual in the infosec field and questioned the added value of repeating what his screenshots had already conveyed. Ultimately, Dormann's difficulty in submitting the video further exacerbated the situation, demonstrating inefficiencies in the process.
The information security community generally does not require video proof of vulnerability reports; Dormann's experience highlights Microsoft's unique and burdensome demands regarding vulnerability submissions.
Dormann expressed frustration at being requested to provide video proof of an already documented bug, noting that it provides no additional value to his detailed report.
Collection
[
|
...
]