Stock-tanking in St. Jude Medical security disclosure might have legs
For better or worse, a security firm’s attempt to cash in on software bugs — by shorting a company’s stock and then publicizing the flaws — might have pioneered a new approach to vulnerability disclosure.
Last August, security company MedSec revealed it had found flaws in pacemakers and other healthcare products from St. Jude Medical, potentially putting patients at risk.
The controversy, however, came over how MedSec sought to cash in on those bugs: it partnered with an investment firm to bet against St. Jude’s stock. Since then, the two parties have been locked in a legal battle over the suspected vulnerabilities. But on Monday, MedSec claimed some vindication.