On October 31, 2023, in federal court in Manhattan, the United States Securities and Exchange Commission (SEC) filed a landmark lawsuit against SolarWinds and its CISO for securities fraud. The lawsuit not only reflects the SEC’s opinion that a company’s data security policies, practices and conditions are “material” to the potential investing public and, therefore, must be accurately disclosed, but also suggests that “pablum” comments in public disclosures, such as “We take security seriously,” or statements that products or services are subject to a “secure development lifecycle [that] follows standard security practices including vulnerability testing, regression testing, penetration testing, and product security assessments,” can give rise to liability for securities fraud.
Mark Rasch is a CyberLaw Editor for securitycurrent, focusing on legal issues related to cybersecurity and technology. With a background in law and extensive experience in the field, Mark provides insightful analysis and commentary on topics such as privacy, data breaches, artificial intelligence, and the intersection of law and technology. His articles aim to inform and educate readers on the legal implications of cybersecurity and emerging technologies.