When White Hats Go Grey

The way it’s supposed to work, white hat security researchers find vulnerabilities and report them to the offending company, giving that company time to provide a patch before the vulnerabilities are published. It is what “good guys” do.

Cybersecurity company Medsec took a different path. After discovering vulnerabilities in St. Jude Medical’s pacemakers and defibrillators, they approached the (appropriately named) investment firm Muddy Waters with a plan to short St. Jude stock ahead of releasing a report on the company’s security issues. Medsec claims that St. Jude has known about its security issues for a long time but has done nothing about them. Although their partnership with Muddy Waters had a financial gain element, Medsec claims that releasing the report publicly, with the intent of affecting St. Jude stock and potentially jeopardizing an acquisition by Abbott Laboratories, was a financial cudgel meant to spur St. Jude to finally do something about its cybersecurity issues. So, is Medsec one of the good guys?

Legally, Medsec has no obligation to disclose anything to St. Jude. Morally, they are in a grey area as the public benefits from knowing St. Jude products have security issues. But announcing the vulnerability before St. Jude has time to fix the security issues provides the “bad guys” with time to exploit these security vulnerabilities, which can lead to injury or death. The public isn’t really in a better place. Because St. Jude’s stock dropped 10 percent the day the report was issued, Medsec and Muddy Waters are certainly in a better place.

Does this portend a new trend? Will security researchers take a similar tack in oil & gas and petrochemical, where the stakes are potentially higher? Will markets react the same way? If companies like Medsec can show demonstrable financial gains that exceed anything available from corporate bug bounties, then yes, we will see more white hats turn grey and take similar actions. Whether oil & gas or petrochemical companies will suffer similar fates is uncertain.

What are your thoughts on this grey area?
