First comes Meltdown; then comes Spectre; and now, not even Advanced Micro Devices, Inc. (NASDAQ:AMD) has been spared from chip flaws in its hardware.
Tel Aviv-based security firm CTS Labs reported 13 flaws across the chip giant’s Ryzen and EPYC processors, covering four classes of vulnerabilities. This follows critical security flaws that recently left rival Intel’s investors reeling from a bug that left the majority of INTC chips from 1995 vulnerable.
Yet, did CTS Labs go against vulnerability disclosure rules? There is a procedure for these kinds of flaw findings: usually companies are given time in which to prepare a careful response. However, AMD barely had time to be hit with the plot twist before the report was leaked to the Street.
With Viceroy Research, a financial analysis firm that has a history of recommending short-selling shares, getting its hands on the vulnerability report, questions are popping up about how honorable (or dishonorable) the motives at play are. After all, even Intel was given an opening space of 90 days to try to tackle the security challenges.
Keep in mind, Viceroy issued a long and harsh review of the prospective financial liabilities circling these flaws a mere hour after CTS broke the news: a monster report of 25 pages criticizing AMD shares as “worth $0.00.” Viceroy predicted bankruptcy was waiting for the chip giant.
CTS Labs is now facing questions from the likes of SearchSecurity about these disclosure tactics, with the company’s co-founder and CTO Yaron Luk-Zilberman left to make a case for himself on the AMDflaws.com site. Zilberman argues that “it’s up to the vendor if it wants to alert the customers that there is a problem.”
According to Luk-Zilberman, CTS Labs “verified [its] results carefully both internally and with a third-party validator — Trail of Bits — [and] delivered a full technical description and proof of concept of the vulnerabilities to AMD, Microsoft, Dell, HP, Symantec and other security companies.”
“We’re trying to check because we’re getting a bunch of misinformation. We’ve got one report stating that we had the report well in advance and then we’ve got another report that basically says that we only had it a few hours before,” Viceroy founder Fraser Perring told SearchSecurity. “From our perspective, we definitely had it in advance. It’s likely to have been before [Monday at 4pm].”
However, Perring confesses that upon being made aware of this leaked report, his company shared it with an expert who “corroborated the report and has been in contact with the other [experts] that have validated the findings actually said that a novice security analyst should have spotted this in development,” adding: “We employed people who had more technical expertise and ironically one of them is very public, but won’t comment that he was consulted by us because he doesn’t want the reputational damage.”
Luk-Zilberman asserts that Viceroy is not a CTS client, telling SearchSecurity: “We believe that Viceroy received our report from a third party with whom we had shared our report.”
If there is another cyber security flaw coming, without a deal in place, no one can anticipate just when the next leak will hit. However, for AMD investors who had been relieved that, amid the Meltdown and Spectre publicity, the company’s chips fell victim to only certain Spectre flaws, this does not bode well for its reputation of being the safer option to Intel.
Until then, ethical disclosure by CTS Labs is under fire.
TipRanks suggests sentiment is largely positive when it comes to this chip giant. Out of 15 analysts polled in the last 3 months, 7 are bullish on AMD stock, 5 remain sidelined, while 3 are bearish on the stock. With a return potential of 34%, the stock’s consensus target price stands at $15.46.