Microsoft suspends WireGuard, VeraCrypt accounts

This is a governance failure with security consequences: when a platform vendor controls signing access, a paperwork miss can briefly look like a supply-chain outage.

• –Microsoft says the verification process began on October 16, 2025 and required completion within 30 days, but maintainers say they got little or no actionable notice.
• –The practical risk is real: WireGuard, VeraCrypt, and similar tools need fast Windows releases for urgent fixes, including security patches and driver updates.
• –The incident shows how centralized OS signing pipelines can become single points of failure for open-source maintainers, especially for software that ships low-level Windows components.
• –Microsoft’s response suggests the company is treating this as a communication problem as much as a compliance problem, which implies the policy may stay but the rollout needs work.
• –The broader takeaway for developers is to assume platform compliance can fail independently of code quality and to keep release-path redundancy wherever possible.