Within the framework of the Forum "BANKIT-2025", which took place in Minsk on October 15-16, 2025, the discussion "Trusted Software for Trusted Banks" was held. LLC "Informational Portals and Services" was a Partner of the discussion.
During the discussion, participants touched upon the following topics:
- Concept of ensuring the sovereignty of the Republic of Belarus in the field of digital development until 2030;
- Secure software development SSDLC (Secure Software Development Lifecycle - "Secure Software Development Lifecycle");
- Barriers (restrictions) for the implementation of SSDLC;
- Raising the level of security of domestic software development;
- Types of cyber risks most critical for banks when working with suppliers and software developers;
- Monitoring and auditing tools when accrediting IT solution suppliers;
- Software testing and certification tools;
- Tools for assessing cyber risks and information security risks;
- Classification of software suppliers by risk level;
- Ensuring business process continuity during failures at software suppliers;
- Ensuring compliance with bank requirements for secure software development;
- Requirements for IT solution and software suppliers and legal formalization of trust with suppliers;
- Recommendations for the implementation of secure development technology;
- Creating a register of trusted software developers;
- Creating a depository (register) of source codes of trusted software.
The implementation of the principles and technologies of trusted software development is a multifaceted task, the solution of which requires a constant continuous improvement of the competence of production teams both for customers and software developers. The implementation of SSDLC is an integral part of an continuously improving Information Security Management System (ISMS). The application of SSDLC principles requires a certain level of maturity of the ISMS of both developers and organizations providing operation of information systems and services.
The expansion of the application of SSDLC in the Republic of Belarus can serve, among other things, the further development of licensing rules for activities in the field of software development and certification of information protection systems, the awareness of customers of the need to include appropriate requirements in contracts for both the supply of ready-made solutions and the development of software according to customer requirements.
Widespread implementation of SSDLC in practice will contribute to constructive cooperation between the state and business in order to implement the provisions of the Concept of ensuring the sovereignty of the Republic of Belarus in the field of digital development until 2030.
The participants of the discussion noted the importance of continuing the dialogue between the state and business to develop a program of measures to improve approaches used in managing the software development life cycle.