Experts from the UTSB cybersecurity center performed a comprehensive audit of development processes in the group of companies Ctrl2GO
Customers: Ctrl2Go Solutions, Clover Group (formerly Clover Group) Moscow; Information Technology
Contractors: Ural Center for Safety Systems (UCSS)
Product: IT and Security External Audit Projects (PCI DSS and ISMS)
Project date: 2023/02 - 2023/08
2023: Evaluation of the development process
The Ural Center for Security Systems conducted an independent assessment of the development process in the Ctrl2GO group of companies, taking into account the requirements of Order of the FSTEC of Russia No. 239. As a result, Ctrl2GO Solutions (part of the Ctrl2GO group) has completed the development of software for monitoring and diagnosing the technical condition of equipment at industrial facilities, and has improved its secure development processes (DevSecOps). Ctrl2GO announced this on September 11, 2023.
Verification of software solutions for compliance with security requirements for critical information infrastructure facilities is mandatory for a number of industries. In the course of the work, analysts at the UTSB Cybersecurity Center not only audited the development processes, but also checked the security of the software being developed using white-box and black-box methods, analyzed its code and conducted fuzz testing. The measures taken on the basis of the expert conclusions helped Ctrl2GO Solutions pass its customer's tests and prepare the solution for commissioning.
"For our company, information security audits are not a routine task or a formal fulfillment of the requirements of industry standards. We have long come to the conclusion that such checks can improve not only the quality of software products, but also processes within the company. Of course, this is largely influenced by the experience, the level of training of analysts and the technologies and tools they use," explained Andrey Kiryushenkov, head of IT projects at Ctrl2GO Solutions.
To scale the audit results and systematically apply information security principles at all stages of the software product creation cycle in the Ctrl2GO group of companies, with the support of the Cyber Security Center, the USCB has prepared a roadmap for the development of DevSecOps processes.
"Making recommendations, we adapted DevSecOps methods and practices to the goals, conditions and requirements of the Ctrl2GO group of companies. The use of secure development practices will help reduce the number of vulnerabilities in the source code, reduce the time and resources to correct deficiencies identified during inspections and minimize damage from potential information security incidents in the future," commented Yevgeny Todyshev, head of the Safe Development Department of the UTS.