[neuromancer2600]

Arstechnica also runs a story on this and cites a VW case where researchers were ordered by court not to disclose a flaw: http://arstechnica.com/security/2016/08/trading-in-stock-of-...

The real issue here is that stock effects have occurred because of both (i) a potential flaw in a product and (ii) short positions. Carson acts as a monetization platform for product flaws of publicly listed companies, creating value by executing (ii) for (i) and thus creating real pressure on companies to disclose and address (i). To what degree these accusations are true is another question and pulls this into the same reign as the currently ongoing public feud between Ackman and Icahn over Herbalife.

[tomp]

Hmm... I'm not sure I see this the same way. The impact on the price by a single investor shorting the stock (even a leveraged hedge fund) will be minimal. Furthermore, the only way for said investor to actually make a profit is to make other investors agree (i.e. to essentially anticipate their actions), so they do need to publicise the vulnerability. Still, they're taking a risk because other investors might not see the vulnerability as critical or otherwise worthy of a lower valuation.