Ten agencies from across seven countries have joined forces to create a guide for software developer organizations to ensure their products are both secure by design and by default. The joint guidance, Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default, comes after several recently identified critical vulnerabilities in vendor software. In April, The United States Cybersecurity and Infrastructure Security Agency (CISA) published seven advisories covering vulnerabilities in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) software from multiple vendors, including critical vulnerabilities. A few weeks prior, the agency had also issued advisories on 49 vulnerabilities in eight ICS from providers including Delta Electronics, Hitachi, Keysight, Rockwell, Siemens, and VISAM.