AFAIK Viceroy didn't pay any security researchers.
-
-
-
Didn't we go through this already with Muddy Waters?
1 reply 0 retweets 0 likes -
As of right now, this story is different.
1 reply 0 retweets 1 like -
Replying to @lorenzofb @mtoecker and
Has anyone been able to get any comment from CTS-Labs on this? They keep sending me nonsense answers and avoiding the basic question: did they work with any short sellers on this project? Did they short sell AMD?
2 replies 0 retweets 2 likes -
Replying to @iblametom @lorenzofb and
Also isn’t the question of morals based on how severe the problems actually are? And how much the researchers market the flaws?
1 reply 0 retweets 1 like -
Replying to @iblametom @lorenzofb and
It's an interesting discussion, I haven't fully formed an opinion yet. I can see arguments for and against.
1 reply 0 retweets 1 like -
Replying to @taviso @iblametom and
I think ethical issues debates are usually not helpful, but from a “does this protect the public better, as CTS Labs claim?” can be answered by “there’s no fix yet and they shared the PoCs without NDA - so no”.
1 reply 0 retweets 3 likes -
Replying to @GossiTheDog @iblametom and
Agreed. The counterargument is that we should incentivize expensive security research by allowing recoup of investment. The optimal way to protect the public is to force big pharma to make drugs at their expense, but then who is going to R&D new drugs? Balance good vs incentive.
4 replies 0 retweets 7 likes -
Replying to @taviso @GossiTheDog and
Another counter is that companies respond aggressively to value threats. Something that hurts the stock price will get more attention than something that doesn't. If boards associate vulnerabilities with short activity, they may have more interest in creating secure products.
1 reply 0 retweets 0 likes
Yes. The obvious way to fund and monetize security research is blackmarket exploit sales, a practice we'd like to discourage. If we can find a way to incentivize expensive research that balances public good with recouping investment, then maybe there is merit? 
-
-
High quality security research makes software safer, but is expensive. Incentives are pretty slim if you take away exploit sales. I think we should fix that.
0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.