Safeguard
Tag

sec

Safeguard articles tagged "sec" — guides, analysis, and best practices for software supply chain and application security.

7 articles

Compliance

SEC cyber-incident 8-K disclosure and the software supply chain in 2026

The SEC's Item 1.05 8-K rule has been live since December 2023, and supply-chain incidents are now the most common trigger for a four-day materiality clock. Here is what programs need to know.

May 12, 20268 min read
Incident Analysis

Two Years of Item 1.05: What the Notable 8-K Filings Tell Us

From UnitedHealth to AT&T to Snowflake's downstream effects, two years of Item 1.05 filings reveal patterns in materiality, vendor incidents, and update cadence.

Feb 18, 20267 min read
Compliance

SEC Form 8-K Item 1.05: Two Years of Enforcement Lessons

Two years into mandatory cybersecurity incident disclosure, the SEC has issued comment letter sweeps and settled enforcement actions. Here is what filers got wrong.

Feb 4, 20266 min read
Compliance

SEC Cyber Incident Disclosure Rule: Year Two

Two years into Item 1.05 of Form 8-K, the SEC has clarified materiality, enforcement posture, and how Regulation S-K Item 106 cybersecurity narratives will be judged.

Feb 4, 20267 min read
Regulation

SEC Item 1.05 Year Two: 8-Ks, Sweeps, and the May 2024 Guidance

Between December 2023 and January 2025, 54 companies filed 55 cyber incident 8-Ks. The May 2024 SEC staff guidance bifurcated the practice into 1.05 versus 8.01 disclosures.

Mar 4, 20256 min read
Compliance

SEC Cyber Disclosure Rules: What Public Companies Must Do Now

The SEC's new cybersecurity disclosure rules require public companies to report material incidents within four days. Here's the operational impact.

Dec 15, 20236 min read
Regulatory Compliance

SOX IT Controls and Software Supply Chain

SOX ITGCs are being rewritten around open-source software and build integrity as PCAOB and SEC scrutiny extends ICFR into the developer toolchain for the first time.

Nov 26, 20235 min read
sec — Safeguard Blog