Information security has long been a separate sphere, full of its own rules, laws, methods and techniques that have to be reckoned with. It is hard to imagine a bank or an airline company that does not care about the security of the products and services it creates. But it's not just web technologies that need to be protected. Millions of simple devices surround us: SIM cards, valve controllers in pipelines, airbag control units in cars - all of them need protection too.
The best way to secure these solutions is to create an inherently robust architecture that prevents disruption even if an attacker can find a security breach. But how do you make sure that the architecture the developer has designed is the right one? What criteria must it meet? And how can the development of such solutions be put on stream without clashing with a dozen related processes in a technologically advanced organization such as Kaspersky Lab?