Development problems of trusted software applied at critical information infrastructure objects (organizational and methodological aspects)

Due to the increasing complexity of information systems, information security threats associated with the presence of software vulnerabilities used in the information infrastructure systems become relevant. Today in order to protect against this type of threat one usually applies a range of measures implemented in the operation and maintenance of the software. At the same time, to ensure the required level of data protection, it is necessary to implement measures aimed at preventing vulnerabilities during the software life cycle. Secure software development is the basis for trust in information and communication technologies in the context of modern cyber threats. The aim of this paper is to summarize and analyze the problems of creating trusted software used in critical information infrastructure, and to find possible ways to solve them. The organizational and methodological aspects of the creation of trusted software used in critical information infrastructure are discussed, and the main problems, strategies and technologies to ensure the trust for various software components are described. The issue of trust for tools, system-wide and special software is still open both in methodological and organizational terms. To solve these problems, it is necessary to have a long-term state policy, development and clarification of legal documents that define common approaches and specific ways to ensure the reliability and security of the software used in critical information infrastructure, taking into account the actual conditions of their operation