New joint guidance by CISA and other governmental agencies prompts software manufacturers to ship products that are secure-by-design and -default.