3

Suppose company X has a product P. An independent InfoSec expert M found a vulnerability in product P that can turn it into a significant safety hazard. Under the responsible disclosure guideline, M has alerted X of the vulnerability. X disregarded it repeatedly. According to the usual vulnerability disclosure guideline, M should disclose the issue to the general public. This is likely to cause the stock prices of X drop significantly.

Can M short the stocks of X before disclosing this information?

K-C
  • 4,054
  • 13
  • 22
Maxthon Chan
  • 131
  • 2

1 Answers1

4

The issue is whether the discloser shorting the stock has engaged in securities fraud of some kind. In the case of a publicly traded company (which seems to be implied in the question), under U.S. law, the answer would generally be that this is not illegal.

"Insider trading" is prohibited, which generally involves confidential information obtained by the company itself or by someone contractually connected to it (i.e. "insiders"). If the information is generated independently, then it is not insider information and is not subject to disclosure.

In a closely held corporation context, in the context of a person-to-person transaction, there might be an issue of fraudulent concealment of a fact from the person on the other side of the trade. But, generally, in a publicly held share context, there would not be a duty of disclosure of non-insider information to the person on the other side of a short transaction (whose name you in all likelihood will never even learn).

I have no opinion on how the securities laws of other countries might handle this issue.

ohwilleke
  • 257,510
  • 16
  • 506
  • 896