So the saga of the QuickTime flaw found in a CanSecWest hacking contest is over, right? Well, not quite yet.

McAfee researcher Rahul Kashyap went on record today on the Avert Labs blog saying that purchasing from vulnerability-disclosure showcases, such as the “hack-a-Mac” contest won by Dino Dai Zovi last month, does much more harm to the security community than good.

Arguing that such disclosure methods give the bad guys “night vision,” Kashyap is the latest to take a swipe at TippingPoint, a division of 3Com, for paying $10,000 for the QuickTime flaw - which Apple patched last week - following Gartner, IBM Internet Security Systems and nCircle.

TippingPoint has repeatedly offered its side of the story as well.