New regulations by the U.S. Securities & Exchange Commission (SEC) require publicly-traded companies to disclose cybersecurity incidents and cyber risk management strategies within four business days of identifying a significant incident. Other details, such as risk management process descriptions, are to be included in annual 10-K reports. However, smaller companies and foreign private issuers are given exceptions and varied requirements. The rules will take effect in December 2023, with certain exceptions in effect from June 2024.
Stop blaming maintainers for open source risks
Open source leaders are pushing for permanent government financing to maintain open source projects. They argue that as government oversight is vital to the national
