Kaspersky Lab tries to claw back trust with transparency initiative


Kaspersky Lab has promised to work with independent companies to conduct audits on its product source code in the future in an effort to reestablish trust in the wake of alleged involvement in US government data theft.

On Monday, the company issued a brief statement which says that by Q1 2018, an "internationally recognized authority" will conduct independent source code reviews, as well as verify the "integrity of our solutions and processes."

While the reviewer company has not been named, in a statement to the Reuters news agency the firm said the chosen party has "strong credentials in software security and assurance testing for cyber-security products."

Last month, the US Department of Homeland Security (DHS) ordered all US federal agencies to stop using Kaspersky products within the next 90 days due to suspected ties to the Russian government.

The DHS said that Kaspersky products represented "information security risks," due to Russian laws which could be used to lean on the cybersecurity firm for cyberespionage purposes, and therefore could "compromise federal information and information systems directly implicates US national security."

The Trump administration has also removed Kaspersky from lists of approved vendors that the US government is permitted to purchase equipment and services from.

Kaspersky software was then explicitly blamed for the theft of sensitive documents owned by the US National Security Agency (NSA), taken home by an employee who was targeted by Russian hackers for the information. The report alleged the files were identified through the firm's antivirus software.

Kaspersky Lab has denied these allegations, calling them "false" and based on "inaccurate assumptions," and the creation of new transparency procedures has likely stemmed from a need to claw back trust from governments, businesses, and consumers alike.

The Moscow-based cybersecurity firm said there are also plans to create three "transparency centers" worldwide in Asia, Europe, and the United States over the next three years. These centers will bring together the plans to review source code and internal processes, as well as make changes to coding and threat detection rules as necessary. The first center will be up and running in 2018 and the others are expected to be complete by 2020.

Kaspersky Lab said that the firm will work with stakeholders and the information security community in the future to further solidify plans to increase transparency and strengthen compliance.


Kaspersky Lab will also be offering up to $100,000 in bumped-up bug bounty rewards to researchers who find and report vulnerabilities in core company products through the Coordinated Vulnerability Disclosure program by the end of 2017.

"We need to reestablish trust in relationships between companies, governments and citizens," said Eugene Kaspersky, chairman and CEO of Kaspersky Lab. "That's why we're launching this Global Transparency Initiative: we want to show how we're completely open and transparent."

"We've nothing to hide," the executive added. "And I believe that with these actions we'll be able to overcome mistrust and support our commitment to protecting people in any country on our planet."
