23 Oct 2017

‘We’ve nothing to hide’: Kaspersky Lab offers to open up source code


Russian cybersecurity company Kaspersky Lab has unveiled an unprecedented Global Transparency Initiative that will open its source code to independent experts. The audit is a bid to stave off US accusations that the company is working for Russian security services.

Kaspersky is launching the initiative days after it was accused of helping, knowingly or unknowingly, Russian government hackers to steal classified material from a computer belonging to an NSA contractor.

Earlier this month, another story published by the New York Times claimed that Israeli government hackers broke into Kaspersky’s network in 2015 and caught Russian hackers red-handed hacking the US government with the help of Kaspersky.

US officials have long been suspicious that the antivirus firm Kaspersky may have ties to Russian intelligence agencies.

Back in July, the company offered to turn over the source code for the U.S. government to audit.
However, the offer did not stop the U.S. Department of Homeland Security (DHS) from banning and removing Kaspersky software from all of the government computers.

In a blog post published today, the company said the initial phase of Kaspersky Lab’s Global Transparency Initiative will include:

  1. Initiating an independent review of the company’s source code by Q1 2018, with similar reviews of the company’s software updates and threat detection rules to follow;
  2. Commencing an independent assessment of (i) the company’s secure development lifecycle processes, and (ii) its software and supply chain risk mitigation strategies by Q1 2018;
  3. Development of additional controls to govern the company’s data processing practices in coordination with an independent party that can attest to the company’s compliance with said controls by Q1 2018;
  4. Formation of three Transparency Centers globally, with plans to establish the first one in 2018, to address any security issues together with customers, trusted partners and government stakeholders; the centers will serve as a facility for trusted partners to access reviews on the company’s code, software updates, and threat detection rules, along with other activities. The Transparency Centers will open in Asia, Europe and the U.S. by 2020;
  5. Increasing bug bounty awards up to $100,000 for the most severe vulnerabilities found under Kaspersky Lab’s Coordinated Vulnerability Disclosure program to further incentivize independent security researchers to supplement the company’s vulnerability detection and mitigation efforts, by the end of 2017.

It now remains to be seen whether these actions will be enough to restore the confidence of US government agencies in Kaspersky, or whether the company will be forced to move its base out of Russia.