Once you’ve analyzed and designed your systems, it’s time to implement your plans. In some cases, implementation might mean buying an off-the-shelf solution. Chapter 11 provides one example of Google’s thought process in deciding to build a custom software solution.
Part III of this book focuses on integrating security and reliability during the implementation phase of the software development lifecycle. Chapter 12 reiterates the idea that frameworks will simplify your systems. Adding static analysis and fuzzing during testing, as described in Chapter 13, will harden the code. Chapter 14 discusses why you should also invest in verifiable builds and further controls—safeguards around coding, building, and testing have limited effect if adversaries can bypass them by reaching your production environment.
Even if your entire software supply chain is resilient to security and reliability failures, you’ll inevitably need to analyze your systems when problems arise. Chapter 15 discusses the careful balance you must strike between granting appropriate debugging access and the security requirements of storing and accessing logs.