Open Source Answer to Critical Infrastructure Security Challenges Vadim Shchepinov, Chief Executive Officer RED SOFT CORPORATION

Content 1.What is Open Source - New way for Software to be developed and utilized - Open Source Paradigm Timeline 2.Security Requirements and Challenges 3.Open Source answer to the security challenges 4.Database Management System is the key element of Information System Security - Open Source RDBMS – positioning within global IT 5.Red Soft - Strategy & Products & Services - Offer to European partners and clients

1.1 What is Open Source – Free software Open source is a model to develop, distribute and use software Consumer pays $ and gets software binaries for use; not source code. Traditional Licence allows to: consume, participate, contribute (report, suggest) Consumer gets software and source code without paying $ Open source Licence allows to: consume, participate, contribute (modify, distribute) SVC1 C2 $ Software Binary & source [use] [read source] [modify] [redistribute] [feedback: bug reports & fixes code] [feedback: support requests and resolution] [feedback: feature implementation code] [patches] [support] License SVC1 C2 $ Software Binary [use] [read source] [modify] [redistribute] [patches] [support] License [feedback: bug reports] [feedback: support requests] [feedback: features requests] Closed source – proprietary model Open Source Source: Accenture Open Source Business Models 2007

1.2 What is Open Source – Paradigm Timeline Sources: Optaros Open Source Catalogue 2007 & Red Soft Pioneer Age GNU/Linux V1.0 «Free» and Community Age Adoption by (Enterprise) Developers Open Source Based Business Models Commercial Open Source Adoption by the Enterprise Open Source enabled Business GNU Project GNU General Public License Free Software Foundation Today Linux V2.0 IBM commits to Linux Red Hat founded Red Hat goes public Red Hat acquires JBoss Red Hat $1 bln in revenue? IBM Linux business > $2 bln Open Source Term defined Apache Web Server V1.0 Apache Web Server V2.2 >50% of Internet SUN opens Open Office Borland opens Interbase Firebird Project Open source model matured into the viable and accepted way to produce and use software efficiently, quickly and cheaply while being not locked-in by a specific vendor

2. Security requirements and challenges IS may contain undeclared software functionality that might breach user security IS require security mechanisms and tools to be build in IS require a lot of effort and complex procedures to manage updates for security certified software IS require visibility and transparency for developers and IT teams to allow efficient development and support with high degree of security requirements fulfillment Information Systems (IS) are defined as key components of Critical Infrastructure by European Programme for Critical Infrastructure Protection (EPCIP) The security of information systems is very important and they are placed on the 3d position in the priority list of EPCIP after energy and nuclear industries Information systems security challenges are:

3. Open Source answer to Security challenges Almost impossible to introduce undeclared software functionality Direct access to code and more effective influence on the development road map to take into account forthcoming new security requirements Smooth and straightforward algorithm for security recertification of updated software Transparent and open solution By the very nature of being open Open Source model and respective products allow to build and use more secure Information Systems Very difficult to trace undeclared software functionality that might breach user security Difficult to build in the required security mechanisms and tools Management of updates for security proprietary software is very complex and effort intensive Low level of visibility, transparency and access to necessary info & support required by developers and IT teams Closed source – proprietary model Open Source

4. Database Management System is the key element of Information System security Database contains all the information in the information system - one source and storage place for all info Undeclared software functionality «kills» effectiveness of all the security mechanisms built into the other layers of information systems Database holds data and links between the data entities which allows structured security protection on different levels

4.1 Positioning of Open Source RDBMS within global IT Approx. 44% of developers is using Open Source RDBMS for development purposes Popularity and number of users grows some 25%/year. As of now it is close to the the level of commercial, enterprise RDBMS The level of discovered, security related errors in Closed Code is at least twice higher. Data about Undiscovered errors in Closed Code are not available. Source: Evans, IDC

5. Red Soft – Strategy and Products Red Soft Corporation is the preferred vendor of the secure database technology based on the Open Source model Red Data Base from Red Soft is secure Relational Database Management System (RDBMS) based on Firebird one of the best established, well-known and globally widespread open source DBMS kernels in the world Red Soft strategy is to be the Red Hat of global open source DBMS market Red Database is in process of certification of security functionality for compliance with ISO/IEC 17799:2005

5. Red Soft – Offer to European Partners and Clients All the Open Source product range starting with Red Data Base delivered and supported by European partners Off-shore programming work based on Red Soft tech stack at production facilities the Russia Support and SW development services provided to the clients directly and/or via partners Red Soft is offering its software products, services and software assembly/production facilities to companies and partners in Europe

6. Questions and Contacts RED SOFT CORPORATION Vadim Shchepinov, Chief Executive Officer Office Phone: