Kaspersky Aims to Clear Its Name With New Transparency Initiative

Kaspersky Lab announced on Monday the launch of a new Global Transparency Initiative whose goal is to help the company clear its name following recent reports about its inappropriate ties to the Russian government.

There have been several media reports analyzing the company’s alleged connection to the Kremlin, which has led to many U.S. officials raising concerns regarding the use of Kaspersky products. It all culminated last month when the Department of Homeland Security (DHS) ordered all government agencies to identify and remove the firm’s security products.

The latest report on Kaspersky’s ties with Russia came from the Wall Street Journal, which claimed that Russian hackers had exploited Kaspersky software to steal NSA exploits. The news article did not provide too many details, but the main possible scenarios were that either Kaspersky colluded with the Russian government or that the hackers exploited vulnerabilities in the company’s products to access the NSA exploits.

Kaspersky has always denied any wrongdoing and it has often offered to allow governments to take a look at its source code to prove it. The company’s latest attempt to clear its reputation is the Global Transparency Initiative.

The first phase of the initiative includes an independent source code review that will be conducted by the first quarter of 2018. At a later time, the company’s software updates and threat detection rules will also be put under the microscope.

By Q1 2018, Kaspersky also wants an independent assessment of its secure development lifecycle processes, and its software and supply chain risk mitigation strategies. The firm has also proposed the development of additional controls to manage its data processing practices and confirmation of compliance with said controls by an independent party.

In order to give its partners – including government stakeholders – access to source code and other product components, Kaspersky plans on establishing three Transparency Centers in Asia, Europe and the United States. While the deadline for the three centers is 2020, the company wants to launch the first one next year.

Likely in response to the latest news report, which suggests that hackers may have stolen NSA files by exploiting a vulnerability in Kaspersky products, the security firm has promised to offer as much as $100,000 for severe vulnerabilities found in its products. The company currently offers $5,000 for serious flaws and wants to introduce the new maximum reward by the end of the year.

“Internet balkanization benefits no one except cybercriminals,” said Eugene Kaspersky, chairman and CEO of Kaspersky Lab. “Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don’t work like they should. The internet was created to unite people and share knowledge.”

“Cybersecurity has no borders, but attempts to introduce national boundaries in cyberspace are counterproductive and must be stopped. We need to reestablish trust in relationships between companies, governments and citizens,” he added. “That’s why we’re launching this Global Transparency Initiative: we want to show how we’re completely open and transparent. We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet.”

Eugene Kaspersky has been invited by the U.S. House of Representatives’ Oversight Subcommittee of the Committee on Science, Space, and Technology to testify and respond to the accusations brought against his company. However, the hearing was initially scheduled too soon, which did not give him enough time to obtain a U.S. visa. The hearing will be rescheduled for a later date, Kaspersky said on Twitter.

Eduard Kovacs is an international correspondent for SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.