But in an unusual move, the CTS researchers shared their full findings with AMD only a day before going public, practically blindsiding the company. The typical disclosure window lasts for months, to give affected manufacturers a chance to address the issues. They also released their paper with almost no technical details that would allow anyone to reproduce the attacks they describe. And CTS includes an unusual disclaimer on its website that it may have “an economic interest in the performance of the securities of the companies” implicated in its reports, raising concerns from security analysts that they could benefit from a drop in AMD’s stock price.
“It’s kinda hard to parse it all at face value, because I don’t think they are acting in good faith, and the lack of details makes it unverifiable,” wrote Ben Gras, a hardware security researcher at the Free University of Amsterdam. “It makes me worry that even the impact may be reported in an inflated way.”