Research Institute of Precision Devices has completed the introduction of the Solar appScreen application code analyzer

2020: Implementation of Solar appScreener

Joint Stock Company "" Research Institute of Precision Instruments completed the introduction of an application code analyzer for vulnerabilities and undeclared capabilities Solar appScreener in the development process. This was Rostelecom-Solar announced on September 30, 2020. With the help of the expertise of the Center for Security Control, ON operating on the basis of "-Rostelecom Solar," the Institute was able to build a full life cycle of secure development software created for the needs of the space industry.

On the basis of JSC "NII TP" a laboratory was created to test the developed software for safety. The Solar appScreener implementation project implemented within 3 months allows you to eliminate vulnerabilities in application code at each stage of development.

In order to select the optimal solution, the Institute analyzed the market for automated software scanning systems for vulnerabilities and conducted pilot testing of several solutions. As a result, the customer decided to implement Solar appScreener, since the system has a suitable set of functionality. Separately, JSC NII TP noted a wide variety of supported programming languages ​ ​ and a low percentage of false positives, as well as operational technical support ready to help in solving any issues.

Solar appScreener is a good example of a product that combines ease of implementation, excellent functionality and usability. All these qualities are very important for us, but it was especially pleasantly surprised by the time spent on testing the software, it was significantly reduced. This allowed us to optimize and further automate the process of checking developed software products for vulnerabilities in the code, - said Ivan Dmitrievich Barsukov, leading engineer for secure development at NII TP JSC.

The advantages of the product compared to competing systems are the ability to automatically detect programming languages ​ ​ used in the application, compare any scans in time to track the dynamics of vulnerability processing, the presence of cross-project analytics and upload reports in accordance with domestic classifications - such as OUD4 and NOS FSTEC of Russia.

For us, this project is without exaggeration significant. The development of software that solves various tasks in one of the strategic directions of the country's development places high demands on the tools that ensure the safety of the process.