This voluntary guidance provides an overview of product security bad practices that are deemed exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs).
"critical software" here refers to weapons systems, spying systems, government surveillance systems, cyberwarfare software, etc.
Do you work on critical software
Why would they announce it instead of just memoing to their ghoul coders?
If I did, it wouldn't 😉