FSTEC presented a roadmap and the current status of creating a unified environment for the development of safe domestic software
Customers: Federal Service for Technical and Export Control (FSTEC of Russia), Moscow; State and social structures. Project date: 2022/02
2025
FSTEC presented a roadmap and the current status of creating a unified environment for the development of safe domestic software
In June, a contract was finally signed with the V.P. Ivannikov Institute for System Programming (ISP RAS) as the sole supplier of work on creating a unified environment for the development of safe domestic software. This was announced on June 17 at an industry event by Irina Gefner, deputy head of the 2nd department of FSTEC of Russia.
A unified environment is a set of tools for developing secure software. As reported by the representative of FSTEC, as of June the environment includes 12 such tools, including traditional tools for static and dynamic code analysis and specialized tools for detecting information leaks from memory, etc. These tools have already been tested in several organizations, and a methodology for their implementation has been created.
"This is a universal mechanism that will allow us to automate the RBPO process in the near future, as they like to say: 'So that one button is pressed, and everything is beautiful and safe.' We strive for this," said Irina Gefner.
And it is planned to achieve this by 2030, when the work on the creation of a unified environment for the development of safe domestic software should be completed.
By this time, it is planned to create a cloud service for a unified environment, which developers can use together with the methodology, and implement a full cycle of development of safe domestic software at their enterprises.
As for the near future, the contract with the ISP RAS was concluded for two years, and the plans include expanding the range of programming languages, for which standard methods will also be developed. We are talking about the most popular languages.
Artificial intelligence is also in the plans: a study should be carried out on introducing AI mechanisms, in particular machine learning, into the work of analyzers. Foreign practice shows that such attempts are already being made, but success can be judged later, when more application practice is developed, concluded Irina Gefner.
Creating a unified environment is one step in the development of secure software engineering. Regulatory measures in this area have been systematically taken for about 10 years. Among the latest is the release in 2024 of a new version of the standard GOST R 56939 "Information Protection. Development of secure software. General requirements."
The Government of the Russian Federation has determined the ISP RAS as the sole contractor for the creation of a unified environment for the development of safe software
On May 21, 2025, Prime Minister of the Russian Federation Mikhail Mishustin approved an order to select the sole contractor to create a unified environment for the development of safe domestic software. It will be the Federal State Budgetary Institution of Science V.P. Ivannikov Institute for System Programming of the Russian Academy of Sciences.
The corresponding purchase in 2025-2026 will be carried out by the Federal Service for Technical and Export Control of Russia (FSTEC). The V.P. Ivannikov Institute for System Programming will be able to involve subcontractors and co-executors in the execution of the state contract, provided that it personally fulfills at least 50% of the total value of obligations. The deadline for the work is December 20, 2026.
As the Kommersant newspaper previously reported, the unified environment for the development of safe domestic software will allow Russian companies to create solutions that are initially trusted from the point of view of information security for subjects of critical information infrastructure (CII). The introduction of secure development principles is designed to reduce the number of vulnerabilities in the source code, which will positively affect the overall security level of software products and information systems.
The V.P. Ivannikov Institute for System Programming is included in the Ministry of Digital Development's register of accredited organizations operating in the field of information technology. The institute develops products in areas such as operating systems, compiler technologies, big data analysis and processing, artificial intelligence, etc. Employees of the institute teach at the departments of system programming of a number of Russian universities.[1]
2024
Inclusion of a state cloud for software secure development in the national project "Data Economics"
FSTEC of Russia has included in the national project "Data Economics" the creation of a cloud platform for the development of secure software. The launch of the project, which will be implemented by 2030, became known on November 21, 2024.
According to ComNews, Irina Gefner, Deputy Head of the 2nd Department of the FSTEC of Russia, said that the platform will provide the developers of domestic software with tools for independent research on software security. Work on the creation of the service will begin in 2025.
Director of the portfolio of solutions in the field of information security "Note Dome" Igor Soul emphasizes the relevance of the project in connection with the new requirements for software developers for critical information infrastructure facilities and the update of GOST on secure development in 2024.
Alexey Grishin, Technical Director of BPMSoft, notes the importance of including in the platform functionality the possibility of obtaining compliance certificates, especially for software used in government information systems.
Information security analyst at ASCON JSC Timur Belkin points to the potential of the platform as a source of practical experience for the operational updating of the regulatory framework of the FSTEC of Russia.
Dmitry Sokolov, head of the information security service at MyOffice, predicts that the service will be most in demand among small companies that do not have their own funds to implement secure development tools.
Mikhail Bocharov, Deputy General Director for Science of SiSoft Development JSC, emphasizes the importance of the platform for the exchange of experience and knowledge between developers, which will contribute to the creation of more reliable software solutions.[2]
Allocation of 1.6 billion rubles for the secure development of Russian OS and various software
In August 2024, the Federal Service for Technical and Export Control (FSTEC) will receive ₽1.6 billion from the federal budget for the implementation of five projects in the field of information security. These funds are aimed at developing a unified environment for the secure development of domestic software, creating an infrastructure for researching the security of Russian operating systems and testing software updates by foreign developers.
According to CNews, one of the main areas of financing will be the development of a unified environment for secure software development. By the end of 2024, ₽423 million were allocated for this project. The project will be carried out by the V.P. Ivannikov Institute for System Programming of the Russian Academy of Sciences (ISP RAS), which won the corresponding competition. The first stage includes the analysis of the classes of applied and system domestic software used in state information systems and at critical information infrastructure facilities of Russia. Next, a methodology and a set of tools will be developed to ensure secure software development, as well as the procedure for their distribution to development organizations.
Another important project included in the federal project "Information Infrastructure" is the creation of infrastructure for a systematic security study of critical components of Russian operating systems. For its implementation, ₽309 million are provided. Here, the winner of the competition was the ISP RAS. Within the framework of the project, it is planned to develop methodologies for architectural analysis and fuzz testing, as well as organize a full-system dynamic analysis of critical components that affect the safety of domestic software.
The third project is aimed at developing an infrastructure for testing software security updates by foreign developers. This project received funding in the amount of ₽79 million. The State Research Institute of Technical Information Protection (GNIITZI) at FSTEC will be responsible for its implementation. The main task will be to develop a methodology for assessing the criticality of vulnerabilities in software and organize the process of testing updates for undeclared capabilities in them.[3]
2022
On February 16, 2022, the Federal Service for Technical and Export Control (FSTEC) of Russia announced a tender for "creating a unified environment for the development of safe domestic software." The initial (maximum) contract price is 510 million rubles.
As Kommersant writes with reference to the technical documentation for this project, it is planned to create a set of software solutions in which Russian software developers will be able to write solutions that are initially trusted from the point of view of information security for subjects of critical information infrastructure (CII).
A trusted environment is necessary so that Russian companies, when creating software, cannot accidentally or intentionally leave vulnerabilities and backdoors in it. The platform is designed primarily for the development of products for the defense departments, the financial sector, the energy industry and other structures where the maximum level of security is required.
The Ministry of Digital Development explained to the publication that, as of February 2022, trusted software development environments exist at individual companies, which use them for their own needs. The creation of a unified environment will allow it to be used by a wide range of interested developers, the ministry added.
According to the newspaper's source in the software market, a unified environment for the development of secure software is necessary so that FSTEC can actually control the process of its creation in real time. Subsequently, Russian companies may be obliged to develop software for CII subjects exclusively in this system in order to reduce information security risks, he said.
Applications for the open competition are accepted until March 4, 2022; the results will be summed up on March 11. The system should be launched by December 2024. Financing of this project is carried out at the expense of FSTEC funds allocated from the federal budget and provided for in the passport of the federal project "Information Security."[4]

