The guidance outlines ‘urgent steps’ for vendors to overhaul the design and development of their products. A push for a shift in responsibility for the safety and security of software products away from the end user, led by the US, has been backed by New Zealand and Australia. New Zealand's National Cyber Security Centre (NCSC), CERT NZ and the Australian Cyber Security Centre (ACSC) have joined remaining Five Eyes members the United States, United Kingdom and Canada, as well as Germany and the Netherlands, in the drive for increased onus on vendors for the safety of their products. The joint guidance outlines 'urgent steps' for vendors to overhaul the design and development of their products with safety for customers prioritised in a "secure-by-design and -default" approach. "The guidance, the first of its kind, is intended to catalyse progress towards further investments and cultural shifts necessary to achieve a safe and secure future," the statement reads. "We recognise the need for governments to work closely with industry and we hope this guidance prompts useful conversations, as well as helping organisations to understand the importance of robust security as a factor when making purchasing decisions," said Lisa Fond, deputy director-general of NCSC. "Cyber security cannot be an afterthought," added ACSC's head Abigail Bradshaw. "Strong and ongoing engagement between government, industry and the public is vital to putting cyber security at the centre of the technology design process." Vendors are urged to take action in three key areas; to take ownership of the security outcomes of their products with security controls automatically enabled, to "embrace radical transparency and accountability", and to strive for organisational change with executive-level commitment to prioritising product security. "By creating products that are secure... manufacturers can take much of the burden from end-users," said Rob Pope, Director of CERT NZ. "These steps are the cyber equivalent of seatbelts, simple inbuilt default practices that keep people safe. This publication shows that the government of Aotearoa New Zealand is serious about keeping people secure online." The guidance comes after the March release of the US National Cybersecurity Strategy, which encompasses virtually all the weaknesses and challenges inherent in cybersecurity, from software vulnerabilities to internet infrastructure vulnerabilities to workforce shortages. The strategy specifically identifies a “rebalance” in the responsibilities of cyber risk. Related content news ServiceNow hires Barry Dietrich for A/NZ and David Thodey as advisor Both hires are integral to the company. By Sasha Karen 03 May 2024 2 mins Careers Enterprise Applications Software Development news Broadcom hints "more to come" post-VMware Sums up the last few months after the November acquisition closing. By Sasha Karen 03 May 2024 3 mins Mergers and Acquisitions Cloud Computing Vendors and Providers news The Instillery targets costs to make cyber security services more accessible Service aims to encourage use of Microsoft licenses many businesses have already paid for. By Rob O’Neill 02 May 2024 2 mins Small and Medium Business Managed Service Providers Security news Enprise Group sales surge after resolution of MYOB dispute Enprise's board expects the improved performance to continue. By Rob O’Neill 02 May 2024 2 mins Small and Medium Business Enterprise Applications Vendors and Providers