Four years: That's how long Azure's App Service had a source code leak bug

Microsoft has revealed a vulnerability in its Azure App Service for Linux allowed the download of files that users almost certainly did not intend to be made public. Microsoft bills the Azure App Service as just the thing if you want to “Quickly and easily create enterprise-ready web and mobile apps for any platform or device …

  1. Kevin McMurtrie Silver badge

    AAS holes

    I've seen this before. Is this a port of Microsoft IIS?

  2. Tromos

    $7,500 bounty for responsible disclosure?!?!

    C'mon Microscrooge, you can do better than that.

    1. Brewster's Angle Grinder Silver badge

      Easy money, though. I imagine any of us here could have pointed it out if we were Azure users and thought about it for 30 seconds.

      Most bugs take some finding and hats off to the guys and gals who sniff them out. But my reaction to that was, "Damn, I could have found that and had that bonus!"

  3. Anonymous Coward

    3 months is a long time

    I guess responsible disclosure has nothing to do with responsible patching.

  4. Clausewitz 4.0

    Price of Disclosure $$$

    Those little paid disclosure premiums, sooner or later, come to bite you.

    I read somewhere Microsoft had a little-protected game called Centennial Dog Food - Unfortunately, this game allowed players to gather info, emails and software from M$ clients marked HIGH CONFIDENTIAL - With a big financial impact possibility, if resold to bad actors with bad intentions.

    Big Bounties need to be paid if people want their assets well protected.

  5. Anonymous Coward

    Microsoft....Security....Concern for customers........

    .......hah!!! Actually concern for $$$ gathered from fanbois!!!


    Just saying!!!

  6. DJV Silver badge

    "Note that description does not mention security"

    Well, it's Microsoft* where security has always been an afterthought (if it's ever "thought" in the first place).

    * Actually, you can probably substitute almost any computer software company here. It seems to me that security is something that's always patched in later but is NEVER part of the mix of original ingredients.

