Kaspersky Lab has long been regarded as one of the premier security software makers, but in recent years the company's products have come under scrutiny over fears of ties between the firm and Russian intelligence agencies. While there hasn't been any hard evidence for these claims, the security fears were enough for the US government to completely dump software from Kaspersky Lab.
To combat these concerns, Kaspersky Lab announced the launch of its Global Transparency Initiative. The security vendor will allow third parties to review its source code. The first step will be an independent review of the company's source code by Q1 2018, with similar reviews of software updates and threat detection rules to follow.
The next step will be the opening of Transparency Centers, where customers, trusted partners, and government stakeholders can review the source code. Kaspersky Lab plans to open its first Transparency Center in 2018, and by 2020 it should have centers in Asia, Europe and the US.
Kaspersky Lab is announcing the launch of its Global Transparency Initiative as part of its ongoing commitment to protecting customers from cyberthreats, regardless of their origin or purpose. With this Initiative, Kaspersky Lab will engage the broader information security community and other stakeholders in validating and verifying the trustworthiness of its products, internal processes, and business operations, as well as introducing additional accountability mechanisms by which the company can further demonstrate that it addresses any security issues promptly and thoroughly. As part of the Initiative, the company intends to provide the source code of its software – including software updates and threat-detection rules updates – for independent review and assessment.
Here's a look at what the company has in its pipeline to alleviate the fears about potential backdoors in its software:
The initial phase of Kaspersky Lab’s Global Transparency Initiative will include:
Initiating an independent review of the company’s source code by Q1 2018, with similar reviews of the company’s software updates and threat detection rules to follow;
Commencing an independent assessment of (i) the company’s secure development lifecycle processes, and (ii) its software and supply chain risk mitigation strategies by Q1 2018;
Development of additional controls to govern the company’s data processing practices in coordination with an independent party that can attest to the company’s compliance with said controls by Q1 2018;
Formation of three Transparency Centers globally, with plans to establish the first one in 2018, to address any security issues together with customers, trusted partners and government stakeholders; the centers will serve as a facility for trusted partners to access reviews on the company’s code, software updates, and threat detection rules, along with other activities. The Transparency Centers will open in Asia, Europe and the U.S. by 2020;
Increasing bug bounty awards up to $100,000 for the most severe vulnerabilities found under Kaspersky Lab’s Coordinated Vulnerability Disclosure program to further incentivize independent security researchers to supplement the company’s vulnerability detection and mitigation efforts, by the end of 2017.