Nokia says Series 40 operating system has security vulnerabilities that could allow stealth installation and activation of applications. Nokia evasive on whether it paid researcher Adam Gowdiak $29,500 for six-month effort to find flaws. Nokia says it isn’t aware of attacks against Series 40 devices, and the problems do not represent a “significant risk” Nokia’s position could rekindle the debate among security professionals on whether voluntary research should be rewarded by vendors whose products are affected. Vendors typically steer clear of paying researchers for vulnerability information.”]
Source: https://www.csoonline.com/article/2123110/did-nokia-pay-for-vulnerability-information-.html