At Kazan Digital Week, IT Holding T1 and VTB derived a formula for a trusted repository of open software in Russia


Representatives of VTB Bank, IT Holding T1, SberTech, Rosatom and RAP RAS derived a formula for a trusted repository of open software at Kazan Digital Week 2025.

In particular, the experts agreed that the regulator's participation is necessary to determine the most critical requirements for the repository and to confirm the security of the code, while the functionality and development of the trusted repository should be regulated by the professional community.

The security of using open software remains a key issue against the background of ongoing import substitution. The issue is most acute for state bodies and business, especially organizations related to critical information infrastructure (KII). According to Sergei Bezbogov, deputy head of the technology unit and Senior Vice President of VTB, from the companies' point of view the main condition for trust in open code is the ability to verify it and develop it further.

In turn, Dmitry Kharitonov, CEO of IT Holding T1, noted that from the vendor's side trust is determined by three criteria: technical, legal and operational. Firstly, the company should be able to verify the build of the code and test it. Secondly, there should be confidence that the software supplied by the vendor is licensed and complies with the requirements of the client or the regulator. Thirdly, the developer should be able to keep such software working in the future.

Therefore, the task of forming a trusted repository of open software first of all raises the question of how transparent the technology stack of each solution is. Sergei Bezbogov proposed starting with the exchange of libraries tested by common methods between the largest players. According to him, the initiative in this process should come from the companies themselves. “Today, each major organization is forced to independently conduct multi-level library checks, which at best take several days, or even weeks and months. It is necessary to build a system in which a library is checked once, and the results of this audit become available to the rest of the participants,” said the speaker.

Moreover, Alexei Khoroshilov, head of the Center for Security Studies of System Software, RAS, identified additional positive effects that the creation of the repository could lead to.

“As for trust and security research, in our country the practices, methods and technologies for analyzing open-source components are really well developed. Not many states in the world have advanced static analysis tools. And we see growing interest in these technologies from foreign colleagues, primarily from the BRICS countries, which are ready to adopt our approaches. The center created under the auspices of the Russian FSTEC has already demonstrated the fundamental possibility of implementing the idea of joint analysis of open-source components by the developers of information protection tools. The proposals of colleagues from the financial industry open up new prospects for scaling the approach both within Russia and at the international level,” he said.

Particular attention during the discussion was devoted to the requirements for the operator of the repository. In his speech, Dmitry Kharitonov, the head of T1, formulated the criteria such an organization must satisfy in order to meet the needs of the state and business.

“Firstly, the company should have the necessary expertise in-house in order not just to test the code and receive certificates, but to fully manage development, correct defects, make changes and maintain the product. Secondly, trusted software should be used to work with critical infrastructure objects, and the company itself must have experience working with such objects. Without understanding the level of seriousness and specificity of this sphere, the company simply cannot be allowed. The factor of financial stability is also important: the operator should not disappear from the market tomorrow; this is an elementary guarantee of reliability and confidence of partners in each other. In addition, regulation plays its role: the officially confirmed status of a systemically significant company can serve as an additional criterion for trust and reliability,” Dmitry Kharitonov shared.

In addition, the experts agreed that trust in open components is impossible without trust in the modifications that companies build on top of them. Evgeny Abakumov, Rosatom's Director for Information and Digital Technologies, suggested placing in the shared repository both the original open-source code and the components that companies develop internally on its basis, so that resources are not spent on solving typical tasks again. “We see the need for self-regulation of quality confirmation processes. Companies can not only use, but also jointly form a base of components and libraries based on open code in order to strengthen synergy and optimize costs.”

At the same time, Russian business has already built a significant part of the infrastructure needed to implement the trusted repository. According to Anton Atoyan, Deputy General Director and department director at Sberbank Technology, large repositories already exist in Russia, and significant experience in operating them securely has been accumulated. “Today it is important to confirm the transparent criteria for trust and uniform rules, which will continue to use and develop open software,” he concluded.

The participants also discussed further steps in developing the repository's ecosystem. Among them are involving the specialized regulators in developing transparent methods and creating a stable ecosystem of trusted open code, which will allow business and the state to use open source more safely and efficiently. As a result of the discussion, the speakers agreed to jointly run a pilot to develop the criteria and the technical and economic indicators of the trusted repository as a safe development environment, using as an example the implementation of the IT Holding T1 concept developed together with VTB.

Ashley Davis
