Did Nokia Pay for Vuln Info?

[phernandez]

Nokia got its hands on vulnerability details affecting some of the company's most popular cell phones. Question is, did they pay for the information?

Did Nokia pay for vulnerability information? - CSO Online

Nokia confirmed Thursday its widely used Series 40 operating system has security vulnerabilities that could allow stealth installation and activation of applications.

But the company is evasive on whether it paid â¬20,000 (US$29,500) to researcher Adam Gowdiak of Security Explorations, who wanted payment for the six-month effort spent finding the flaws.

Gowdiak would not disclose if he was paid, but said that only reputable, vetted companies that pay would get the full research, which amounted to 180 pages and 14,000 lines of proof-of-concept code.

[nihil]

I hope he did!

Hell, that's only $59,000 per year and you only get paid for what works?

Try employing a contract project manager or senior developer.......... you are looking at $4,000 a week!!!! and there are no guarantees

[t34b4g5]

I'm sure that the company would have got him to sign a gag order. And i wouldn't be suprised if they even offered him a nice job.

but to spend 6 month's is well hell of a commitment. You don't see skiddie's spending that much time researching something enough to find out multiple vuln's...

I do wonder if any or all the noted down pages will find there way onto the usual site's thus opening up mutated vuln's on a wider range of devices..