上QQ阅读APP看书，第一时间看更新

Implementation

During implementation, the actual product is coded and/or manufactured, and integrated according to the design documents. Engineering Change Proposals (ECPs) are used when needed to modify requirements and designs, which then flow back into the implementation phase.

Developers must work with security engineers to code software and configure hardware to meet security requirements. Security engineers should aid developers by publishing secure coding guidelines, and configuring Continuous Integration (CI) tools to look for bugs in software.

Security engineers should also regularly run static and dynamic code analysis tools, and feed data from those tools back into the development process.

They should also work on creating test drivers or emulators that exercise functionality. For example, creating an emulator that emulates the instantiation of a secure connection (such as TLS) and the authentication between devices would provide developers with confidence that each device is operating according to defined security requirements.

Emulators can be a great tool for developers of IoT products and systems. The author participated in a proof of concept for the connected vehicle Security Credential Management System ( SCMS), where his team created an emulator of the On-Board Equipment (OBE) to be installed within connected vehicles. This OBE emulator was developed to the appropriate cryptographic specifications, and provided the development team with a way to test their interfaces during each release of the system. This was important for testing the bootstrap and enrollment processes of the SCMS.

本周热推：

网站入侵与脚本技术快速防杀数据安全与隐私计算应用密码学：原理、分析与Python实现物联网安全渗透测试技术商用密码应用与安全性评估