Under current rules, American legislation, by subordinate companies should regularly mention in the forms 8-K, 10-Q and 10-K about the main risk factors that threaten the business or could result for shareholders is a serious loss. As a rule, investors or shareholders constantly sue claim to the leadership of companies and in consideration of the claims is also mentioned in the section risk factors.
Last year AMD had to face a class action from shareholders who claimed that management had deliberately downplayed the severity of such vulnerabilities Spectre of a second embodiment using this information for artificial increase of stock of AMD during the period when there was an active discussion the susceptibility of Intel vulnerabilities Meltdown and the Spectre. The plaintiffs claimed that AMD has been too long hidden from the public data about these vulnerabilities, but Google’s Project Zero informed the company about their presence in mid-2017. Direct references about vulnerabilities in forms 8-K, 10-Q and 10-K to the end of the year AMD did, and decided to speak only on 3 January 2018, when the existence of the vulnerabilities was made public at the initiative of a British tabloid.
The plaintiffs claimed that the statements from the third of January and later in the next few days an interview with representatives from AMD attempted to reduce the significance of the vulnerability of the Spectre of the second option, calling the possibility of its practical implementation by an attacker is “close to zero”. This wording can now be found in a special section of AMD site. Further, according to the statement the company says that “vulnerability to option 2 have not yet been found in AMD processors”.
Eleventh January 2018 and extended out a press release in which AMD is already talking about the need to take measures to protect against the vulnerability Spectre of a second embodiment. The developer of processors does not hide that this vulnerability is applicable to them, to further minimize threats begin to spread the updates of operating systems and microcode.
The plaintiffs argue that the management of AMD were able to use these eight days ‘ head start between the two statements in January 2018 to hold the company’s stock price at artificially high levels for the purpose of illegal enrichment on transactions with them. However, the Federal district court for the Northern district of California this week ruled that the arguments of the plaintiffs are not wealthy, and acquitted the AMD in this case. However, the plaintiffs have 21 days to appeal this decision, and for AMD everything is so fast might not be over.
The court found that withholding information about vulnerabilities within six months from the moment of their detection is a common practice, allowing to take measures to protect from these vulnerabilities and the elimination of any malicious use of this information to eliminate threats by forces of the developer of processors and software. Accordingly, in the silence of the representatives of AMD to Jan no malicious intent. Moreover, the severity of vulnerabilities could be recognized by AMD not too high to make emergency statement on the subject.
Secondly, all the arguments of the plaintiffs to reduce the risk of vulnerability Spectre of the second option the court considered superficial. The phrase “close to zero” in the description of the probability of threats does not mean that this threat can completely ignore, and in the period from the third to the eleventh of January AMD, so don’t try to inject users, shareholders and investors astray. The court did not provide evidence of successful practical implementation of threats through vulnerability Spectre of option 2. In the future, AMD has faithfully worked with partners for a complete elimination of the ability to exploit the vulnerability of this type, and therefore it can not be reproached and negligence.