Australia: Issued Australia, US, Canada, United Kingdom, New Zealand and South Korea security agencies guidance on secure-by-design considerations in procuring digital products and services

On 5 December 2024, security agencies from Australia, the US, Canada, the United Kingdom, New Zealand, and South Korea issued guidance to organisations within their jurisdictions on the procurement of secure and verifiable technologies. This guidance comes in the form of two advisories, one directed to senior executives and the other directed to the organisation as a whole. The guidance recommends a secure-by-design and secure-by-default approach to software manufacture and procurement. It emphasises collaboration between procurers and manufacturers, embedded security in product development and delivery, assessment of risks across the supply chain, data and access controls, and transparency from manufacturers.