However, according to Kirill Semion,
Posted: Mon Jan 20, 2025 3:10 am
Evgeny Surkov, Product Manager at Innostej LLC, noted that additional checks for the absence of undeclared capabilities and the presence of correctly implemented security functions can be valuable even for “pure” Open Source products.
"It is important that these checks and functions do not remain on the report pages, and that the cost of the solution "fortified" in this way is adequate and proportionate to the benefit it brings, taking into account the closure of risks," said Evgeny Surkov.
it is not the conditions afghanistan whatsapp number database that need to be changed, but the procedure for adding to the registry. He believes that this process could include checking software for undeclared capabilities and vulnerabilities by a trusted third party and give developers time to eliminate the flaws.
Work on mistakes
Experts do not have a unified opinion about products that will not fit the new metrics if the latter are adopted. Thus, according to Ivan Panchenko, co-founder and deputy general director of Postgres Professional, head of the committee for the integration of Russian software of the Association of Software Developers "Domestic Software", software that does not meet the requirements should be excluded from the registry.
However, his colleague at ARPP, Ruslan Rakhmetov, disagrees with him. He noted that most responsible Russian developers are continuously improving their products and it would be reasonable to give them time to bring their software into compliance with the new metrics.
"Re-evaluation of solutions already included in the register for compliance with updated requirements can be carried out with the involvement of industry associations, such as ARPP "Domestic Software", he noted.
Avenir Voronov agrees with Ruslan Rakhmetov. He suggested conducting an audit of those who do not fit the new metrics, and publishing the results opposite the solutions so that developers know what they need to fix, and users know about potential threats.
"We see that many market players are in favor of a systemic registry cleanup. Not long ago, there were discussions at the legislative level about sorting products for incompatibility with Russian OS and DBMS. With products that do not meet these requirements, two scenarios are possible: either they are excluded from the registry, or time is allocated for revision. The general conclusion is obvious: today the market is at the stage of restructuring, systematization and consolidation," concluded Kirill Timofeev.
"It is important that these checks and functions do not remain on the report pages, and that the cost of the solution "fortified" in this way is adequate and proportionate to the benefit it brings, taking into account the closure of risks," said Evgeny Surkov.
it is not the conditions afghanistan whatsapp number database that need to be changed, but the procedure for adding to the registry. He believes that this process could include checking software for undeclared capabilities and vulnerabilities by a trusted third party and give developers time to eliminate the flaws.
Work on mistakes
Experts do not have a unified opinion about products that will not fit the new metrics if the latter are adopted. Thus, according to Ivan Panchenko, co-founder and deputy general director of Postgres Professional, head of the committee for the integration of Russian software of the Association of Software Developers "Domestic Software", software that does not meet the requirements should be excluded from the registry.
However, his colleague at ARPP, Ruslan Rakhmetov, disagrees with him. He noted that most responsible Russian developers are continuously improving their products and it would be reasonable to give them time to bring their software into compliance with the new metrics.
"Re-evaluation of solutions already included in the register for compliance with updated requirements can be carried out with the involvement of industry associations, such as ARPP "Domestic Software", he noted.
Avenir Voronov agrees with Ruslan Rakhmetov. He suggested conducting an audit of those who do not fit the new metrics, and publishing the results opposite the solutions so that developers know what they need to fix, and users know about potential threats.
"We see that many market players are in favor of a systemic registry cleanup. Not long ago, there were discussions at the legislative level about sorting products for incompatibility with Russian OS and DBMS. With products that do not meet these requirements, two scenarios are possible: either they are excluded from the registry, or time is allocated for revision. The general conclusion is obvious: today the market is at the stage of restructuring, systematization and consolidation," concluded Kirill Timofeev.