How can the market players play with security vulnerabilities of different firms…Ill share the news
There is always a pact between a cybersecurity researchers and the companies that when a cyberSec. firm finds a vulnerability in an organization they will report it to the organization directly and get the money in reward or as per the deal.
But a strange thing somehow happened a Cybersecurity Firm- MED SEC found alleged bug in the St. Jude Medical company implantable heart equipment.
MedSec rather than approaching the medical company it went to the shortseller firm MUDDY WATER.
The investment firm Muddy Water would make the vulnerabilities public in exchange for giving the cybersecurity firm a cut of the profits Muddy Waters made from betting against the medical device maker’s stock.
http://www.denverpost.com/2016/09/04/cybersecurity-strategy-insecure-companies-wall-street/
Reader Interactions
Comments
Leave a Reply
You must be logged in to post a comment.
Interesting article..It will be interesting to see if this becomes a more common occurrence and if so, how will the SEC respond? As the article says, the idea that something like this would happen has been mentioned in security conferences for several years but this is the first “mainstream” occurrence. Since the findings were found by an outside firm, it would seem no trading laws were broken, which is reiterated by the fact that the SEC is currently choosing to remain silent on the issue. But issues of ethics and safety could require some kind of reactive measures if these types of exploits continue.
Bilaal,
This act becoming a more common practice is the first thing that strikes my mind as a concern. This would not be a good way to commercialize cyber security because it would invite hackers to explore this idea deeper and probably exploit it in a way in their own benefit. For example, they may infiltrate a system, create multiple back doors, then approach the same company later on to falsify new vulnerability findings to make money. Also, who knows how negatively this practice could impact the U.S. economy. Conversely, selling vulnerability findings can encourage the good guys to discover back doors before unethical hackers; however, no one really is certain how this would play out as an unregulated common practice in the economy.
I gotta think the SEC is going to have something to say about this sooner rather then later. Strip away the tech babble and this looks like insider trading to me. Also, seems unethical. When I have been involved in pen testing a third party application, the results were always share with the company that sells the software.
Wade