Under current U.S. law, companies subject to it are required to report on Forms 8-K, 10-Q, and 10-K on a regular basis about key risk factors that threaten the business or could result in significant loss to shareholders. As a rule, investors or shareholders constantly bring claims to the courts against the management of companies, and pending claims are also mentioned in the section on risk factors.
Last year, AMD faced a class action lawsuit from company shareholders who claimed that management intentionally downplayed the severity of the Specter 2017 vulnerabilities by using the information to artificially boost AMD's stock price at a time when discussions began on the susceptibility of Intel processors to the Meltdown vulnerabilities and spectrum. The plaintiffs claimed that AMD kept these vulnerabilities from the public for too long, although Google Project Zero notified the company of their presence back in mid-8. AMD did not make direct mentions of vulnerabilities in the forms 10-K, 10-Q and 3-K until the end of the year, and decided to speak only on January 2018, XNUMX, when the fact of the existence of vulnerabilities became public on the initiative of a British tabloid.
The plaintiffs alleged that in statements dated January 2 and subsequent interviews in the coming days, AMD representatives tried to reduce the significance of the Specter vulnerability of the second option, calling the possibility of its practical implementation by an attacker "close to zero." This wording can still be found in a special section of the AMD website. Further in the statement, the company claims that "the variant XNUMX vulnerability has not yet been found in AMD processors."
On January 2018, XNUMX, the extended , in which AMD already talks about the need to take measures to protect against the Specter vulnerability of the second option. The developer of processors does not hide the fact that this type of vulnerability is applicable to them; to further minimize the threat, updates to operating systems and microcode begin to spread.
The plaintiffs allege that AMD management may have used the eight days of head start between the two statements in January 2018 to keep the company's stock price at an artificially high level in order to illegally enrich itself on transactions with them. However, the Federal District Court for the Northern District of California this week ruled that the plaintiffs' arguments were not valid and acquitted AMD in this case. True, the plaintiffs have 21 days to appeal this decision, and for AMD, everything may not end so quickly.
The Court recognized that hiding information about vulnerabilities for six months from the moment they were discovered is a common practice that allows you to take measures to protect against these vulnerabilities, as well as to exclude the malicious use of this information until the threats are eliminated by the processor and software developer. Accordingly, there was no malicious intent in the silence of AMD representatives until January. Moreover, the degree of danger of the found vulnerabilities could be recognized by AMD management as not too high to make emergency statements on this topic.
Secondly, all the arguments of the plaintiffs about downplaying the danger of Specter's vulnerability of the second option, the court considered superficial. The wording "close to zero" in the description of the likelihood of a threat realizing does not mean that this threat can be completely ignored, and during the period from January 2 to January XNUMX, therefore, AMD did not try to mislead users, shareholders and investors. No one provided the court with evidence of the successful practical implementation of the threat through the Specter variant XNUMX vulnerability. In the future, AMD worked in good faith with partners to completely exclude the possibility of exploiting this type of vulnerability, and therefore it cannot be blamed for negligence.
Source: 3dnews.ru