Kaspersky will give third parties access to source code
Security firm Kaspersky will set up so-called transparency centers in Europe, Asia and the US. Third parties can view the source code of the company’s software here. The company will have its source code examined by an independent company next year.
The move is part of Kaspersky’s Global Transparency Initiative. In the three centers, customers, partners and governments can view the source code and other software. The company will start establishing its first center next year, with facilities in Europe, the US and Asia to be open by 2020.
In the first quarter of 2018, Kaspersky itself will have its source code vetted by an independent company. Software updates and threat detection rules are also examined. In the quarter, the company’s other practices will also receive an independent review, such as how the company handles data internally. The originally Russian company also increases the reward for providing serious vulnerabilities to one hundred thousand dollars.
Kaspersky emphasizes that this is only the first phase of his initiative and that a next phase should be initiated later, in the second half of 2018. The company calls on partners and customers to provide input for this. With the measures, Kaspersky hopes to regain confidence in its software and services. “We want to show that we are completely open and transparent. We have nothing to hide,” says founder Eugene Kaspersky.
That confidence has been seriously dented in recent months as the US Department of Homeland Security banned the use of Kaspersky software for government services over concerns about the company’s ties to the Russian government. Following on from this, Best Buy decided to stop providing the software to customers. The Wall Street Journal and The New York Times reported in recent weeks that Israeli and US intelligence agencies concluded after investigations that Russian hackers had managed to steal secret documents through Kaspersky software. Among other things, NSA information would have been stolen via Kaspersky software.
The role that the company itself played in this is not clear. Kaspersky himself claims not to have known about Russian activities and never to assist government agencies in spying practices.