During implementation, the actual product is coded and/or manufactured, and integrated according to the design documents. Engineering Change Proposals (ECPs) are used when needed to modify requirements and designs, which then flow back into the implementation phase.

Developers must work with security engineers to code software and configure hardware to meet security requirements. Security engineers should aid developers by publishing secure coding guidelines, and configuring Continuous Integration (CI) tools to look for bugs in software.

Security engineers should also regularly run static and dynamic code analysis tools, and feed data from those tools back into the development process.

They should also work on creating test ...