Russia's Sixth Software Development Security Day Held
2026-06-21 14:03

en.Wedoany.com Reported - The Sixth Software Development Security Day was held in Moscow on June 17. This annual practice-oriented conference, organized by the Russian Software Products Association (ARPP "Otechestvenny Soft"), brought together over 100 IT company executives, technical directors, AppSec experts, regulatory representatives, and academics. Supported by Russian cybersecurity solutions developer UserGate, the conference focused on topics including the application of artificial intelligence in development, open-source component security, software supply chain protection, DevSecOps practices, and the evolution of secure development processes.

Russian IT Industry Forms New Practices for Software Development Security

Renat Lashin, Executive Director of the Russian Software Products Association, noted in his address that IT company participation in the conference has increased more than tenfold since its inception. The industry is shifting from discussing requirements and standards to sharing practical experience in integrating secure development practices. The association's goal is to foster dialogue among developers, customers, experts, and regulators.

Dmitry Kurashev, Co-founder and Director of UserGate, stated that code security is a fundamental principle of his company. UserGate plans to complete the software development security standard certification process in the near future to demonstrate the maturity of its internal processes and the security of its solutions.

Roman Karpov, Head of the Information Security Committee of the Russian Software Products Association, General Manager of Axiom JDK, and conference host, said that, based on the conference outcomes, the association will provide support in three areas: implementing practices in accordance with Federal Service for Technical and Export Control (FSTEC) requirements, conducting audits per GOST 56939-2024, and preparing documentation for the fourth trust level. The association plans to develop targeted support programs for secure development, encouraging companies to move from interest to actual implementation.

A dedicated session discussed the regulatory and methodological foundations of secure development. Anastasia Sakulina, Advisor to the Bank of Russia, explained that Section 7.4 of the new version of the protection profile has been aligned with the national standard for secure development, making requirements for the secure development lifecycle more detailed and verifiable. The Bank of Russia plans to add new requirements as technology advances.

Elena Sosnina, an expert from the Institute for System Programming of the Russian Academy of Sciences (ISP RAS), presented the information resource RBPO.RF, which integrates methodological materials and standard documents for implementing secure development processes. Customers are beginning to include requirements aligned with national standards in tender documents, and organizations face the challenge of how to comply and how to demonstrate compliance.

Alexey Khoroshilov, Head of the System Software Security Research Center at ISP RAS, pointed out that security research on borrowed open-source components requires specialized methods. Requirements need to be refined for specific technology stacks and architectural components, covering attack surface analysis, dependency analysis, static analysis, dynamic testing, fuzzing, and the use of sanitizers. Generic methods cannot establish precise standards for all application cases; the industry needs more detailed, specialized approaches.

Representatives from several companies shared their experiences in implementing secure development and using tools. Sergey Nelyub, Technical Director of ASTRA AI, introduced an intelligent system for code generation. Fedor Bogoslovsky, Application Security Engineer at UserGate, discussed extending the coverage of Linux kernel subsystems in syzkaller. Leonid Bezvershenko, Senior Threat Researcher at Kaspersky GReAT, analyzed software supply chain attacks and vulnerability exploitation practices. Other presentations covered typical errors in secure development certification, establishing a unified trust space, secure development tools for cloud Git platforms, BYOK encryption methods, secure software development pipelines, the application of AI in secure development, and ASOC as a starting point for secure development.

The conference confirmed the industry's growing interest in secure development issues and companies' readiness for practical implementation. The Russian Software Products Association plans to hold the next Software Development Security Day in December 2026.

Technical Partner: "Truconf".

Information Partners: "Cybermedia", "Information Security" magazine, BIS Journal - Enterprise Information Security, RUSSOFT, APKIT.

The Russian Software Products Association is the largest alliance of replicated software manufacturers in Russia. Founded by Russian developers in 2009, it has over 300 IT company members with a total turnover of 570 billion rubles, accounting for 30% of the entire replicated software industry. For 17 years, the association has served as a professional center for building the regulatory framework in the field of import substitution and a platform for direct dialogue with the state.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com