The US Government doesn't sanction Microsoft for its security failures

Tech vendors might soon get security rules and regulations


US government continues to buy Microsoft products regardless of security issues

Even though Microsoft allowed Chinese cybercriminals to steal data from the US government, the government continues paying for its services. However, the company also focuses on AI more than security features and services. On top of that, researchers train Copilot on stolen data. Yet, none of it seems to be a problem. After all, Microsoft said a year ago that it would focus more on security.

Since then, Microsoft has laid off multiple departments in favor of AI features and development. But there are some improvements to its Azure security systems. Yet, it is using Copilot for Security. Unfortunately, this is not the first time Microsoft has failed to protect customers' data.

Russian cybercriminals targeted Microsoft's weak MFA to steal the source code from the emails of its executives.

Did US officials sanction Microsoft?

Microsoft didn't receive any sanctions for its security vulnerabilities. On the contrary, the US government keeps working with the company for hefty sums. For example, according to USASpending, the government paid $498.5 million to Microsoft in 2023.

Based on multiple sources, Microsoft is a major tech provider for the US government. Thus, the government relies heavily on the company. So, it might introduce some rules and regulations for all tech vendors to enhance their security systems.

US Senator Ron Wyden wants tech companies that don’t respect the rules to be held accountable for security vulnerabilities. After all, the US government’s reliance on Microsoft could lead to additional security threats.

Furthermore, according to Jon Clay, the VP of threat intelligence at Trend Micro, Microsoft has to bring evidence of its security improvements. Also, the Redmond giant has to provide more information about the breach. Clay hopes to see quick answers from the tech giant. Additionally, he says that a stern warning could work in this situation.

Unfortunately, the US government continues facilitating Microsoft's errors through its contracts. For example, it has a non-competitive procurement agreement, so it doesn't solicit bids from other companies. Also, the government uses limited source deals and makes Microsoft the only vendor allowed to bid. Thus, there is a lack of choice, which brings security risks.

In a nutshell, even if Microsoft has security vulnerabilities, US authorities overlook them and continue to provide unfair support to the company. Thus, its competitors don’t have a say in the matter. So, the US government might face more security threats in the future.

What are your thoughts? Should the government search for alternative providers? Let us know in the comments.
