Instead of following industry traditions by alerting St. Jude Medical when researchers found alleged bugs in the company’s implantable heart equipment, MedSec struck a deal with a short-seller called Muddy Waters Research. The investment firm would make the vulnerabilities public in exchange for giving the cybersecurity firm a cut of the profits Muddy Waters made from betting against the medical device maker’s stock, MedSec chief executive Justine Bone said in an interview. The arrangement was first reported by Bloomberg News.

The deal represents a potentially lucrative new strategy for monetizing cybersecurity research. But some experts say the deal threatens the relationship between developers and the hacker community — and that not giving companies a chance to fix problems upfront leaves ordinary users at risk.
A new hacker money-making strategy: Betting against insecure companies on Wall Street

Source: Washington Post

1 Notes

  1. accessnow posted this