Best practice suggests that that bidirectional traceability between those requirements, software design artefacts, source code and tests should be established. Such an approach not only ensures that all security requirements are fulfilled, but also that there is no surplus code offering aggressors “back door” access to critical code.