To demonstrate that its products and services are trustworthy and to counter implications to the contrary after the US government banned federal agencies from using its solutions, Kaspersky Lab has launched a Global Transparency Initiative, providing its source code for third-party review and opening three transparency centres internationally.
In September, acting on concerns that Russian company Kaspersky Lab had connections to cyber-espionage activities, the US Department of Homeland Security (DHS) acting secretary Elaine Duke issued a binding order banning the use of Kaspersky Lab security software.
Israel's discovery that Russian hackers had used Kaspersky Lab's antivirus software to search computers worldwide for information on US intelligence programmes apparently prompted the US government's ban.
Russia's efforts were uncovered by Israeli intelligence officers who hacked into Kaspersky's networks and spied on the Russian spies in real time.
While the extent of the information the hackers gleaned is not known, the New York Times reported, citing sources, that the Russians did successfully pilfer classified data from the home computer of a National Security Agency (NSA) worker outfitted with Kaspersky AV software.
In the first phase of the transparency initiative, Kaspersky Lab plans to start an independent review of its source code and an assessment of its secure development lifecycle processes as well as its strategies for software and supply mitigation by the first quarter of 2018.
In the same timeframe, the company will also engage an independent third party that can affirm its compliance with a set of additional controls it will develop to govern its data processing practices. The first of the three Transparency Centers will be established in 2018 to allow Kaspersky's trusted partners access to reviews of its code and updates as well as threat detection rules. All three centers, in Asia, Europe and the US, will be opened by 2020.
Kaspersky also said that by the end of this year it would boost the bug bounties awarded under its Coordinated Vulnerability Disclosure programme to up to US$100,000 (£76,000) for severe vulnerabilities.
Contending that the company had “nothing to hide,” Kaspersky Lab Chairman and CEO Eugene Kaspersky said he believes the transparency initiative will help the company “overcome mistrust and support our commitment to protecting people” around the globe.
“Internet balkanisation benefits no one except cyber-criminals. Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don't work like they should,” he said. “The internet was created to unite people and share knowledge. Cyber-security has no borders, but attempts to introduce national boundaries in cyber-space are counterproductive and must be stopped. We need to reestablish trust in relationships between companies, governments and citizens.”