The substitution of foreign ICS systems is an interesting process from the point of view of vulnerability searching. On the one hand, foreign companies have already made much progress in fixing vulnerabilities in their devices. On the other hand, international practices and experience of development, working with vulnerabilities and disclosing them are neglected by Russian vendors. In this talk, I will tell you several real-life stories of interacting with Russian ICS vendors and compare the experience of working with vulnerabilities in the products of both foreign and Russian vendors.