Attacking the messenger is an age-old trend in the bug reporting arena.

Microsoft has the backing of many governments, and has access to the best legal teams possible, leaving this guy in a world of hurt.

Microsoft seems to have brought this on themselves by creating a complex and user-hostile bug reporting system. It seems to me that they could have offered this person a job or a contract, because Eclipse has been amazingly effective at uncovering high-severity exploits.

Also, Eclipse could have approached various governments offering the exploits for sale, because a lucrative market exists for such things, assuming they aren't already in the NSA portfolio. Lots of above-board companies do the same thing.

Quotes in this article blame Eclipse for the damage, but the blame should really rest with Microsoft. Eclipse is apparently just one person using an AI framework. Microsoft has vastly more resources to discover and fix problems with their products, but they never seem to do it themselves.