Facing conspiracy allegations, Kaspersky opens source code for review
Cybersecurity firm Kaspersky will submit the source code of its software and all future product updates for third-party review, the firm announced Monday.
As part of its Global Transparency Initiative, Kaspersky will work with the security community to validate and verify the trustworthiness of its products. The company will hire a trusted partner to carry out the audit and evaluating contractors for an independent code review. The process will begin early 2018.
Kaspersky will also open three transparency centers in the U.S., Europe and Asia to let companies and government agencies access source code review results in a controlled environment. The first center will open in 2018 and the last will open by 2020.
Further, Kaspersky has upped the maximum on its bug bounty reward to $100,000 for anyone who can find vulnerabilities in Kaspersky’s main products.
“Trust is essential in cybersecurity, and therefore trust should be the foundation of any collaboration,” officials said in a statement. “However, the company also recognizes that trust is not a given; it must be repeatedly earned through an ongoing commitment to transparency and accountability.”
The move is a response to the continued reports that Kaspersky has ties to Russia, which the company has repeatedly denied.
The most recent report claimed that the company is responsible for Russian intelligence stealing NSA cyber weapons from an NSA employee who stored the tools on his personal computer.
The report claimed Kaspersky or Federal Security Service of the Russian Federation could have used “silent signatures” to search data on computers. Most modern antivirus products have this function, but it’s meant to be used by the product maker to search for any malware strings in the user’s files.
However, the report proposes either the Russians or Kaspersky used this function to search for NSA files, instead of malware.
The Department of Homeland Security banned the use of Kaspersky products for government use in September, citing ties to Russia. Both Office Depot and Best Buy have removed Kaspersky products from its shelves.
The company has already undergone an investigation by the FBI, including employee interviews. So far, no concrete evidence of maleficence has been made public.
Kaspersky has continually denied any wrongdoing and offered the government a chance to review all of its security products to demonstrate its innocence in July.
“Internet balkanization benefits no one except cybercriminals,” CEO Eugene Kaspersky said in a statement. “Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don’t work like they should.”
“We need to reestablish trust in relationships between companies, governments and citizens,” he continued. “We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet.”