Implementation

During implementation, the actual product is coded and/or manufactured, and integrated according to the design documents. Engineering Change Proposals (ECPs) are used when needed to modify requirements and designs, which then flow back into the implementation phase.

Developers must work with security engineers to code software and configure hardware to meet security requirements. Security engineers should aid developers by publishing secure coding guidelines, and configuring Continuous Integration (CI) tools to look for bugs in software.

Security engineers should also regularly run static and dynamic code analysis tools, and feed data from those tools back into the development process.

They should also work on creating test drivers or emulators that exercise functionality. For example, creating an emulator that emulates the instantiation of a secure connection (such as TLS) and the authentication between devices would provide developers with confidence that each device is operating according to defined security requirements.