I don't see this going in any direction other than a boilerplate that will become something that is ignored.

> SolarWinds and Brown defrauded investors by overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks.

In a nutshell, couldn't they say that in some way about any security software company?