by bigyabai 36 days ago
I commented because I've worked with regulated institutions where FDE was standard across the org. BitLocker was laughed at whenever you mentioned it by name; there was not a single engineer I met that took it seriously (even the Windows daily drivers). Microsoft Windows is consistently identified as the weakest link for securing sensitive data; one job even had a no-fly policy for Windows laptops in case they were misplaced in luggage.

So remind me how Microsoft was reprimanded for merging Dual_EC_DRBG support into Windows Vista? Or how they were punished for turning over BitLocker keys to US law enforcement? It never happens. The regulation isn't worth the paper it's written on, and it hasn't been for well over a decade now: https://en.wikipedia.org/wiki/NOBUS


We all know there are limits and vulnerabilities to manage in products. However, this backdoor appears to be a misrepresentation of the core function of the product. If you deployed something you believed to be a joke, you may be the sucker at that table, as that's culpable.

Maybe the license language means they make no reps about security, but if this is as described, they have compromised the compliance of their customer base.