The Federal Service for Technical and Export Control (FSTEC) has approved new software requirements. They relate to cybersecurity and set deadlines until the end of the year, within which developers need to conduct tests to identify vulnerabilities and undeclared capabilities in software. This is being done as part of protective measures and import substitution. However, according to experts, such verification will require significant costs and will reduce the amount of foreign software in the Russian public sector.
A whole list of programs will be distributed, including antiviruses, firewalls, antispam systems, security software and a number of operating systems. The requirements themselves will come into force on June 1, 2019.
βFSTEC certification services are not free, and the process itself is quite lengthy. As a result, information security systems already installed in companies or government agencies may at some point end up without valid certificates,β said one of the software development companies.
And the chief designer of Astra Linux, Yuri Sosnin, said that such initiatives will have to fork out. Although this will allow unscrupulous participants to be removed from the market.
βThe implementation of new requirements is quite a serious job: analysis, product development, its continuous support and elimination of shortcomings,β the specialist noted.
In turn, Nikita Pinchuk, director of technology at Infosecurity, noted that these rules will be difficult for domestic manufacturers, but for foreign ones this will be an even more serious problem.
βOne of the key requirements for checking undeclared capabilities is the transfer of the source code of solutions with a description of each function and operating mechanism. Large developers will never provide the source code of the solution, since this is confidential information that constitutes a trade secret,β he explained.
Source: 3dnews.ru