Rostelecom, a major telecommunications company in Russia, has developed a repository called RTK-Fenix, which contains open libraries and packages that have passed safety verification. The repository is designed to reduce cyber risks, as web resources of state bodies and Russian companies are increasingly targeted by cyber attacks.
Corporate applications and services of its own development, as well as the use of open source code, are becoming less and less secure, making them vulnerable to harmful capabilities that can cause personal data leaks, site malfunctioning, and other problems. To address this, Rostelecom created RTK-Fenix, which is directed towards the Russian market.
RTK-Fenix is a comprehensive solution that can detect all third-party components with open code and binary form. It is a product based on the code safety monitoring subsystem developed by the Security Operation Center and the Safety Management Center Rostelecom, which includes the application code for the presence of Solar Appscanner vulnerabilities and other IB-tools. The product checks all subsidiaries, meaning it assesses the safety of transit dependencies of open code and gives a conclusion of whether the open code is safe to use.
The repository is versatile and supports the checking of safety, storage, and providing commands to develop safe artifacts in Maven, Pypi, DEB, RPM, GEM, NPM, NUGET, as well as additional platforms like Go, Dart and Docker, which are planned to be added in the future.
The idea of creating a Russian open code was first proposed by Prime Minister Mikhail Mishustin in September 2021. In October 2022, the Russian Foundation for the Development of Information Technologies (ORTS) announced its participation in the project, backed by government decree.
The experiment to create a repository began on March 21, 2023, with a budget of 1.3 billion rubles funded by the Rosinfominvest Foundation. The recipient of the funds will be the deer, which will then transfer them to the Open Code, which includes organizations like VK, Rostelecom, Innopolis University, T1 group, and others. ANO will form a technical task to create the repository. The project is set to conclude in the second quarter of 2024.