Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default

Abstract: 

This article, a joint publication from the Cybersecurity and Infrastructure Security Agency, the National Security Agency, the Federal Bureau of Investigation, and a coalition of international partner cybersecurity agencies, identifies insecure technology products as a significant cyber risk because they introduce vulnerabilities into otherwise secure systems and practices. It recommends a ‘Secure-by-design’ approach to technology products that prioritizes security across the entire product lifetime, from design and development through updates. It also recommends default principles for operations, and points software developers to the guidance in NIST SP 800-218 to help them locate and remove vulnerabilities in their products.

Author: 

Cybersecurity and Infrastructure Security Agency

Year: 

2023

Domain: 

Dimension: 

Region: 

Country: 

United States

Data Type: 

Keywords: