Kaspersky Aims to Clear Its Name With New Transparency Initiative

Kaspersky Lab announced on Monday the launch of a new Global Transparency Initiative whose goal is to help the company clear its name following recent reports about its inappropriate ties to the Russian government.

There have been several media reports analyzing the company’s alleged connection to the Kremlin, which has led to many U.S. officials raising concerns regarding the use of Kaspersky products. It all culminated last month when the Department of Homeland Security (DHS) ordered all government agencies to identify and remove the firm’s security products.

The latest report on Kaspersky’s ties with Russia came from the Wall Street Journal, which claimed that Russian hackers had exploited Kaspersky software to steal NSA exploits. The news article did not provide too many details, but the main possible scenarios were that either Kaspersky colluded with the Russian government or that the hackers exploited vulnerabilities in the company’s products to access the NSA exploits.

Kaspersky has always denied any wrongdoing and it has often offered to allow governments to take a look at its source code to prove it. The company’s latest attempt to clear its reputation is the Global Transparency Initiative.

The first phase of the initiative includes an independent source code review that will be conducted by the first quarter of 2018. At a later time, the company’s software updates and threat detection rules will also be put under the microscope.

By Q1 2018, Kaspersky also wants an independent assessment of its secure development lifecycle processes, and its software and supply chain risk mitigation strategies. The firm has also proposed the development of additional controls to manage its data processing practices and confirmation of compliance with said controls by an independent party.

In order to give its partners – including government stakeholders – access to source code and other product components, Kaspersky plans on establishing three Transparency Centers in Asia, Europe and the United States. While the deadline for the three centers is 2020, the company wants to launch the first one next year.

Likely in response to the latest news report, which suggests that hackers may have stolen NSA files by exploiting a vulnerability in Kaspersky products, the security firm has promised to offer as much as $100,000 for severe vulnerabilities found in its products. The company currently offers $5,000 for serious flaws and wants to introduce the new maximum reward by the end of the year.

“Internet balkanization benefits no one except cybercriminals,” said Eugene Kaspersky, chairman and CEO of Kaspersky Lab. “Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don’t work like they should. The internet was created to unite people and share knowledge.”

“Cybersecurity has no borders, but attempts to introduce national boundaries in cyberspace are counterproductive and must be stopped. We need to reestablish trust in relationships between companies, governments and citizens,” he added. “That’s why we’re launching this Global Transparency Initiative: we want to show how we’re completely open and transparent. We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet.”

Eugene Kaspersky has been invited by the U.S. House of Representatives’ Oversight Subcommittee of the Committee on Science, Space, and Technology to testify and respond to the accusations brought against his company. However, the hearing was initially scheduled too soon, which did not give him enough time to obtain a U.S. visa. The hearing will be rescheduled for a later date, Kaspersky said on Twitter.

Related: Kaspersky in Focus as US-Russia Cyber-Tensions Rise

Related: Best Buy Drops Kaspersky Products Amid Russia Concerns

Related: U.S. Bans Kaspersky Software Amid Concerns Over Russia Ties

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
