en.Wedoany.com Reported - Several leading Russian IT companies have jointly launched the "Unified Trust Space" initiative, aiming to build a certification system for domestic software code signing. This system will be used to issue code signing certificates to Russian software developers, reducing the dependence of domestic software on Western certification authorities.

Software code signing is a critical security mechanism in the software distribution and installation process. It acts as a digital identity mark for a program, proving that the software indeed comes from the corresponding developer and confirming that the code has not been tampered with after release. If a code signing certificate expires or is revoked, users may receive security warnings when installing or running the software, and in some system environments, it may affect program distribution, updates, and normal startup.

This initiative is being advanced by the "Unified Trust Space" working group, whose members cover multiple areas including Russian operating systems, information security, cryptographic technology, and enterprise software. Companies such as RusBITech-Astra, SberTech, BaseALT, Open Mobile Platform, CryptoPro, InfoTeKS, and Kaspersky are participating, indicating that Russia is elevating the issue of code signing from individual company contingency plans to an industry-level infrastructure construction effort.

The core of this system is to establish an industry technical certification center to provide domestic code signing certificates for Russian developers. Related testing work has been underway since November 2025 among multiple companies and operating system teams. Development teams for CryptoPro, InfoTeKS, Security Code, Kaspersky, SberTech, as well as operating systems like Astra Linux, Alt, RED OS, ROSA, and Aurora, have already participated in the processes of certificate issuance, software signing, and cross-verification.

The practical background of this project is that the Russian software ecosystem has long used code signing certificates issued by Western certification authorities. Organizations such as Sectigo and DigiCert have previously stopped issuing or renewing relevant certificates for Russian companies, and GlobalSign began revoking some security certificates for Russian websites in June of this year. Although website certificates and code signing certificates serve different purposes, such incidents have further amplified concerns within the Russian IT industry about disruptions to external trust systems.

For Russian software companies, the significance of a unified code certification system goes beyond simply "changing the certificate source." If domestic software lacks a signing mechanism recognized by operating systems and customers, it will impact update distribution, enterprise deployment, terminal installation, and security verification. Especially in government, finance, energy, transportation, and industrial sectors, where software supply chain security requirements are high, verifiable code sources, traceable update packages, and checkable certificate statuses are fundamental conditions for software delivery.

What the "Unified Trust Space" aims to solve is the root trust issue within the Russian software ecosystem. Only when operating systems, developers, enterprise customers, and security products collectively recognize the same certificate chain can code signing have practical effect. Otherwise, even if the certification center can issue certificates, compatibility issues may still arise in terminal systems, app stores, enterprise security policies, and user-side installation processes.

This initiative also reflects that software supply chain security is becoming part of national-level digital infrastructure. In the past, code signing was often viewed as a technical step in the software release process; now, after external certification services were restricted, it has become crucial to whether software can be stably delivered, continuously updated, and trusted by user devices. Russia's push for a domestic code signing certification system is essentially building a trust chain for the software industry that does not rely on external certification authorities.

From testing to large-scale adoption, issues such as certificate root implantation, operating system adaptation, certificate revocation mechanisms, developer onboarding processes, enterprise customer acceptance, and cross-platform compatibility still need to be resolved. For the Russian IT industry, the real challenge is not issuing the first batch of certificates, but ensuring that this trust system is stably accepted by more software, more terminals, and more enterprise deployment environments. Only by completing this step will the Unified Trust Space evolve from an industry initiative into the infrastructure of the software ecosystem.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com