DARKReading

MedSec/Muddy Waters & The Future Of IoT Security

St. Jude vulnerability report could be test case for vulnerability disclosure.

The "responsible vulnerability disclosure" debate has lain relatively dormant for years but has just been rudely awoken. Last week, cybersecurity firm MedSec partnered with Muddy Waters to short-sell medical device company St. Jude Medical, releasing incomplete data about vulnerabilities in STM's pacemakers, implantable cardioverter-defibrillator devices, and the Merlin@Home monitoring device that communicates with them. The deal would enable MedSec to profit off of a drop in St. Jude's stock.
 
The event has raised new questions about what this means not just for vulnerability disclosure, but for the future of IoT security.   .....

MedSec/Muddy Waters & The Future Of IoT Security