sec
Safeguard articles tagged "sec" — guides, analysis, and best practices for software supply chain and application security.
7 articles
SEC cyber-incident 8-K disclosure and the software supply chain in 2026
The SEC's Item 1.05 8-K rule has been live since December 2023, and supply-chain incidents are now the most common trigger for a four-day materiality clock. Here is what programs need to know.
Two Years of Item 1.05: What the Notable 8-K Filings Tell Us
From UnitedHealth to AT&T to Snowflake's downstream effects, two years of Item 1.05 filings reveal patterns in materiality, vendor incidents, and update cadence.
SEC Form 8-K Item 1.05: Two Years of Enforcement Lessons
Two years into mandatory cybersecurity incident disclosure, the SEC has issued comment letter sweeps and settled enforcement actions. Here is what filers got wrong.
SEC Cyber Incident Disclosure Rule: Year Two
Two years into Item 1.05 of Form 8-K, the SEC has clarified materiality, enforcement posture, and how Regulation S-K Item 106 cybersecurity narratives will be judged.
SEC Item 1.05 Year Two: 8-Ks, Sweeps, and the May 2024 Guidance
Between December 2023 and January 2025, 54 companies filed 55 cyber incident 8-Ks. The May 2024 SEC staff guidance bifurcated the practice into 1.05 versus 8.01 disclosures.
SEC Cyber Disclosure Rules: What Public Companies Must Do Now
The SEC's new cybersecurity disclosure rules require public companies to report material incidents within four days. Here's the operational impact.
SOX IT Controls and Software Supply Chain
SOX ITGCs are being rewritten around open-source software and build integrity as PCAOB and SEC scrutiny extends ICFR into the developer toolchain for the first time.