by Renee Dudley
ProPublica is a nonprofit newsroom that investigates abuses of power.
Members of Congress pressed Microsoft on Thursday to strengthen how it handles reported security flaws in its ubiquitous products after a series of cyberattacks struck the federal government.
The criticism from members of the House Homeland Security Committee came in response to a new ProPublica investigation that found Microsoft repeatedly rebuffed a company engineer who, beginning in 2017, warned that a product flaw left millions of users vulnerable to attack, including federal employees. Russian hackers later exploited that weakness in one of the largest cyberattacks in U.S. history, widely known as SolarWinds.
Rep. Bennie Thompson of Mississippi, the committee’s top Democrat, entered the news organization’s story into the congressional record. He then asked Microsoft President Brad Smith if the company has since established a process “to ensure that employee concerns about security at Microsoft or their products are prioritized and addressed.”
Smith, sitting alone at the witness table in a packed hearing room, told lawmakers that the company is shifting its approach to security. Microsoft is trying........