Kaspersky Lab Hits Back with Global Transparency Initiative
Under-fire cybersecurity giant Kaspersky Lab has launched a new transparency initiative which will see its source code offered up for independent review.
The firm’s Global Transparency Initiative aims to restore trust in the company at a time when its products have been banned by the US government amid reports of Russian intelligence using them to spy on targets.
The initiative promises an independent review of the vendor’s source code by Q1 2018, to be followed by similar reviews of its software updates and threat detection rules after that.
Kaspersky Lab also set out plans for an independent assessment of its secure development lifecycle processes and its software and supply chain risk mitigation strategies by Q1 next year, and claimed it will ask an independent third party to test compliance with a newly developed set of controls governing data processing practices.
Other aspects of the initiative include the creation of three new Transparency Centres where trusted partners can access reviews of the company’s code, software updates, and threat detection rules, among other things.
These will be located in the US, APAC and Europe, with the first center planned to launch next year.
The Moscow-headquartered vendor also announced an increase in bug bounty payments for its Coordinated Vulnerability Disclosure program to £75,000 ($100,000).
The transparency initiative can be seen in the context of a raft of bad publicity for the firm stemming from Washington’s ban on its products for federal use.
It has been reported that this decision was influenced by intelligence from Israeli spies, who spotted Russian agents using Kaspersky Lab AV to scan for and steal information on top secret US government programs.
This apparently led to the theft of classified material from an NSA contractor’s home.
Kaspersky Lab has always maintained its innocence, and it is entirely feasible that Russian intelligence compromised its products without its knowledge; just as the Israelis are alleged to have done.
Chairman and CEO, Eugene Kaspersky, argued in a statement that there’s a strong need to re-establish trust between companies, governments and citizens.
“That’s why we’re launching this Global Transparency Initiative: we want to show how we’re completely open and transparent. We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet,” he added.
Source: Information Security Magazine