Jump to content

Kaspersky Lab Hits Back with Global Transparency Initiative


Recommended Posts

Under-fire cybersecurity giant Kaspersky Lab has launched a new transparency initiative which will see its source code offered up for independent review.


The firm’s Global Transparency Initiative aims to restore trust in the company at a time when its products have been banned by the US government amid reports of Russian intelligence using them to spy on targets.


The initiative promises an independent review of the vendor’s source code by Q1 2018, to be followed by similar reviews of its software updates and threat detection rules after that.


Kaspersky Lab also set out plans for an independent assessment of its secure development lifecycle processes and its software and supply chain risk mitigation strategies by Q1 next year, and claimed it will ask an independent third party to test compliance with a newly developed set of controls governing data processing practices.


Other aspects of the initiative include the creation of three new Transparency Centres where trusted partners can access reviews of the company’s code, software updates, and threat detection rules, among other things.


These will be located in the US, APAC and Europe, with the first center planned to launch next year.


The Moscow-headquartered vendor also announced an increase in bug bounty payments for its Coordinated Vulnerability Disclosure program to £75,000 ($100,000).


The transparency initiative can be seen in the context of a raft of bad publicity for the firm stemming from Washington’s ban on its products for federal use.


It has been reported that this decision was influenced by intelligence from Israeli spies, who spotted Russian agents using Kaspersky Lab AV to scan for and steal information on top secret US government programs.


This apparently led to the theft of classified material from an NSA contractor’s home.


Kaspersky Lab has always maintained its innocence, and it is entirely feasible that Russian intelligence compromised its products without its knowledge; just as the Israelis are alleged to have done.


Chairman and CEO, Eugene Kaspersky, argued in a statement that there’s a strong need to re-establish trust between companies, governments and citizens.


“That’s why we’re launching this Global Transparency Initiative: we want to show how we’re completely open and transparent. We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet,” he added.


< Here > and < Here >

Link to comment
Share on other sites

  • Replies 5
  • Views 1.2k
  • Created
  • Last Reply

Kaspersky Opens Code to 3rd-Party Review in Effort to Combat Spying Accusations


In an attempt to dispell rumors that its software is being used as a backdoor into users' computers, Kaspersky Labs said today it would subject its security products to an independent third-party source code review.

The source code audit will be part of Kaspersky's larger plan named the Global Transparency Initiative that will also include an audit of its infrastructure and product development cycle.

Kaspersky plans to hire a trusted partner to carry out the security audit and offer results to governments and organizations that need reassurance that Kaspersky products aren't spying on users and allowing the FSB to search and collect sensitive data from users' computers, as the US government has alleged in the past few months.

Code review process to begin next year
The code review process will begin sometime in the first quarter of 2018. The security vendor is currently looking for a trusted third-party to review the source code.

"We're evaluating contractors for independent code review," Eugene Kaspersky, Kaspersky Lab CEO, said today. "[We] will communicate this publicly when ready."
Kaspersky also plans to open three "transparency centers" in Europe, Asia, and the US, where companies and governments will be able to access the source code review results in a safe environment. Kaspersky plans to open the first transparency center next year, while the third will open by 2020.

In addition, the company has increased the maximum bug bounty reward to a whopping $100,000 for vulnerabilities discovered in main Kaspersky products.

Kaspersky wanted to open software source since July
Eugene Kaspersky has always denied the US government's accusations and has previously offered to provide the US government access to the company's source code back in July.

The company's response comes after the US government has banned Kaspersky products from government computers, has pressured the private sector to stop using Kaspersky products, has interviewed Kaspersky employees, and after Office Depot and Best Buy have removed Kaspersky products from shelves.
It is still unclear if Kaspersky has allowed the FSB to use its product to search for government data on users' computers, or if the FSB hijacked the company's infrastructure without its knowledge.

A report from last week claims the FSB or Kaspersky might have used a technique called "silent signatures" to search data on users' computers. This technique is supported by most modern antivirus products and allows the AV maker to search for malware-related "strings" in users' files. The theory is that the FSB or Kaspersky employees might have used silent signatures to search for NSA-related files instead of malware.

"Internet balkanization benefits no one except cybercriminals," Kaspersky said today regarding the US government's recent accusations. "Cybersecurity has no borders, but attempts to introduce national boundaries in cyberspace is counterproductive and must be stopped. We need to reestablish trust in relationships between companies, governments and citizens."

Article source





Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...