I asked if you had an example scenario, you can make it as egregious as you like to make your point. To me, it seems like evaluating publicly available products is just common sense before taking a long or short position.
I also worry if this might lead to perverse incentives for responsible disclosure if dropping public vulns without working with the vendor to address and patch first proves to be consistently profitable.
The only saving grace is that it looks like nobody has ever made money short-selling on vuln research.
That's not the only saving grace, although it makes things simpler haha. I think it could work. Reading Muddy Waters reports, they don't sound too different to hyped advisories applied to a different industry, e.g. http://www.muddywatersresearch.com/research/co/mw-is-short-groupe-casino/ …
Replying to @taviso @alexstamos and
Still, you're obviously correct that once you step outside the bounds of objective facts, extreme care and thoughtful expert input are required to avoid legal trouble.
Do you believe the AMD advisory website is completely within the bounds of objective fact? Would you feel comfortable defending the process used to get to those conclusions in a windowless room with an AUSA, an FBI Agent taking notes, and an SEC investigator?
No, the AMD website is farcical, and I think you could make a good argument for bad faith. I'm not defending that particular actor, I'm just talking about the abstract idea of using security research.
Right, and my original prediction is that this trend of vuln research being supported by short selling is going to end badly. It sounds like you might not disagree.
Replying to @alexstamos @matthew_d_green and
Insider trading laws might or might not apply. Are vulnerabilities in publicly available software or hardware "nonpublic"? In theory anyone could have found them, just as anyone could read an annual report. But then someone did find them, and kept it secret.
Replying to @bahstgwamt @kragen and
No, I asked an expert. The important part is the "insider" part, it must be directly or indirectly from an officer of the company. You're allowed to research something, not publish your results, and trade based on your conclusions.
The stock market is not supposed to be a game of chance, you're allowed to do research.