Dmitry Evdokimov, founder and technical director of CloudRun LLC

tanjimajuha20 · Post by **tanjimajuha20** » Mon Jan 27, 2025 8:47 am

Kirill Demyanov, Head of the Information Security Systems Architecture Department of the Cybersecurity and Protection Center of PJSC Rostelecom, shared his experience of implementing automated vulnerability monitoring systems in the internal software repository used in the company. It is used by dozens of development teams.

Head of Software Security spain cell phone number list Department at Kaspersky Lab Dmitry Shmoylov called security one of the key criteria for code quality. In addition, the use of secure development technologies is increasingly being lobbied by regulators, primarily FSTEC. The use of such methodologies reduces the time required to certify products many times over, which is very important for vendors of products that require certification.
(Luntry), named the use of container technologies as one of the main drivers of the implementation of DevSecOps technologies, which was a response to the rise in prices of physical server equipment. According to his estimates, the use of DevSecOps increases costs by 10-30%, depending on how the development process is structured.

Dmitry Shmoylov, however, called these estimates somewhat overstated. Yes, using DevSecOps is not free, but the higher the level of automation of operations, the lower the share of costs.

Anton Gavrilov, Head of DevSecOps at the Information Security Center of JSC Infosystems Jet, called the overhead costs of protecting container environments the largest. This is due to the large number of open source products (up to 70%) and high requirements for personnel qualifications.

Leading DevSecOps engineer at UCSB LLC Evgeny Todyshev drew attention to the protection of development environments, especially those located in public clouds. For full protection of such environments, it is necessary to use firewalls for web applications (WAF), otherwise code can be compromised even when all other tools are used.

Managing Director, Product Director of Positive Technologies JSC Denis Korablyov noted that there are still many first implementations on the Russian market. According to his observations, only a few companies use the full cycle. However, it is not the number of products that is important, but how correctly they are used.

Denis Korablyov also stated that DevSecOps technology is not explicitly mentioned in FSTEC documents, but all the tools are there separately. FSTEC also planned to create a unified secure development environment.