Kaspersky transparency initiative to share code, updates to build trust

To prove that its products and services are trustworthy and to counter implications to the contrary after the U.S. government banned federal agencies from using its solutions, Kaspersky Lab has launched a Global Transparency Initiative, providing its source code for third-party review and opening three transparency centers around the globe.

In September, acting on concerns that Russian company Kaspersky Lab had connections to cyberespionage activities, Department of Homeland Security (DHS) Acting Secretary Elaine Duke issued a binding order nixing the use of Kaspersky Lab security software.

Israel's discovery that Russian hackers had used Kaspersky Lab's antivirus software to search computers worldwide for information on U.S. intelligence programs apparently prompted the U.S. government's ban. 

Russia's efforts were uncovered by Israeli intelligence officers who hacked into Kaspersky's networks and spied on the Russian spies in real time.

While the extent of the information the hackers gleaned is not known, the New York Times reported that sources said the Russians did successfully pilfer classified data from the home computer of a National Security Agency (NSA) worker outfitted with Kaspersky AV software.

In the first phase of the transparency initiative, Kaspersky Lab plans to start an independent review of its source code and an assessment of its secure development lifecycle processes as well as its strategies for software and supply mitigation by the first quarter of 2018.

In the same timeframe, the company will also engage an independent third party that can affirm its compliance with a set of additional controls it will develop to govern its data processing practices. The first of the three Transparency Centers will be established in 2018 to allow Kaspersky's trusted partners access to reviews of its code and updates as well as threat detection rules. All three centers, in Asia, Europe and the U.S., will be opened by 2020.

Kaspersky also said that by the end of this year it would boost the bug bounties awarded in its Coordinated Vulnerability Disclosure program to up to $100,000 for severe vulnerabilities.

Contending that the company had “nothing to hide,” Kaspersky Lab Chairman and CEO Eugene Kaspersky said he believes the transparency initiative will help the company “overcome mistrust and support our commitment to protecting people” around the globe.

“Internet balkanization benefits no one except cybercriminals. Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don't work like they should,” he said. “The internet was created to unite people and share knowledge. Cybersecurity has no borders, but attempts to introduce national boundaries in cyberspace are counterproductive and must be stopped. We need to reestablish trust in relationships between companies, governments and citizens.”
