Kaspersky Lab says it will submit source code for transparency review

24 Oct 2017

Kaspersky Lab logo. Image: Jaggat Rashidi/Shutterstock

Kaspersky Lab is to submit its software source code for review by security experts and government officials in the first quarter of 2018.

Beleaguered cybersecurity firm Kaspersky Lab – which research firm Gartner ranks as one of the world’s top cybersecurity vendors for consumers – confirmed in a statement that it would submit the source code of its software and future product updates for review.

It also vowed to have outside parties review other aspects of its business, including software development and data protection.

Reviews of its software, which is used on about 400m computers worldwide, will begin by the first quarter of next year.

‘Nothing to hide’

Chair and CEO Eugene Kaspersky recently said: “We’ve nothing to hide. With these actions, we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet.”

The outside reviewers were not named but it was stressed that they would have strong security credentials and conduct thorough technical audits as well as assess for vulnerabilities and review source code.

This initiative comes after the Trump administration’s ban on government agencies using Kaspersky Lab antivirus products in September, and revelations about Israeli spies discovering Russian hackers using the company’s software to steal information from the NSA.

Working on transparency measures

Kaspersky Lab will establish three transparency centres globally, with plans to open the first one in 2018, “to address any security issues together with customers, trusted partners and government stakeholders”.

These will serve as facilities for trusted partners to access reviews on the company’s code, software updates and threat detection rules, along with other activities. The transparency centres will open in Asia, Europe and the US by 2020.

Kaspersky Lab will also increase bug bounty awards up to $100,000 for the most dramatic vulnerabilities found under the company’s vulnerability disclosure program to incentivise independent security experts to help with mitigation efforts. This will take effect in late 2017.

Eugene Kaspersky commented: “Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don’t work like they should. The internet was created to unite people and share knowledge.

“Cybersecurity has no borders, but attempts to introduce national boundaries in cyberspace is (sic) counterproductive and must be stopped. We need to re-establish trust in relationships between companies, governments and citizens.”

Kaspersky Lab logo. Image: Jaggat Rashidi/Shutterstock

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects