Stock-tanking in St. Jude Medical security disclosure might have legs



For better or worse, a security firm’s attempt to cash in on software bugs — by shorting a company’s stock and then publicizing the flaws — might have pioneered a new approach to vulnerability disclosure.

Last August, security company MedSec revealed it had found flaws in pacemakers and other healthcare products from St. Jude Medical, potentially putting patients at risk.

However, the controversy came over how MedSec sought to cash in on those bugs: it did so, by partnering with an investment firm to bet against St. Jude’s stock. Since then, the two parties have been locked in a legal battle over the suspected vulnerabilities. But on Monday, MedSec claimed some vindication.

To read this article in full or to leave a comment, please click here

Read more here:: IT news – Security