Kaspersky Lab will be opening what they call "Transparency Centers" across the world as part of their Global Transparency Initiative. Included as part of the initiative, the information security company will provide the source code of its software – including software updates and threat-detection rules updates – for independent review and assessment to the information security community at large and other stakeholders.
The initiative comes amid allegations that Kaspersky Lab colluded with Russian intelligence services.
“Internet balkanization benefits no one except cybercriminals. Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don’t work like they should. The internet was created to unite people and share knowledge. Cybersecurity has no borders, but attempts to introduce national boundaries in cyberspace is counterproductive and must be stopped. We need to reestablish trust in relationships between companies, governments, and citizens. That’s why we’re launching this Global Transparency Initiative: we want to show how we’re completely open and transparent. We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet,” said Eugene Kaspersky, Chairman, and CEO at Kaspersky Lab, in a statement announcing the initiative.
On 11 July 2017, Bloomberg reported that there are e-mails that show that Kaspersky Lab developed products for Russia's FSB and accompanied agents on raids. The Russian information security company has since dismissed these claims and has further emphasized that the e-mails in fact show no such links. Added to that, the company said it conducted an internal investigation that revealed that a backdoor was found on a US NSA agent's computer as a result of the said agent running a pirated copy of Microsoft Office. which created a backdoor into his computer allowing for access to NSA documents.
The initial phase of Kaspersky Lab’s Global Transparency Initiative will include:
The start of an independent review of the company’s source code by Q1 2018, with similar reviews of the company’s software updates and threat detection rules to follow;
The commencement of an independent assessment of (i) the company’s secure development lifecycle processes, and (ii) its software and supply chain risk mitigation strategies by Q1 2018;
The development of additional controls to govern the company’s data processing practices in coordination with an independent party that can attest to the company’s compliance with said controls by Q1 2018;
The formation of three Transparency Centers globally, with plans to establish the first one in 2018, to address any security issues together with customers, trusted partners and government stakeholders; the centers will serve as a facility for trusted partners to access reviews on the company’s code, software updates, and threat detection rules, along with other activities. The Transparency Centers will open in Asia, Europe, and the U.S. by 2020.
The increase of bug bounty awards up to $100,000 for the most severe vulnerabilities found under the company’s Coordinated Vulnerability Disclosure program to further incentivize independent security researchers to supplement our vulnerability detection and mitigation efforts, by the end of 2017.
In an e-mailed statement to iAfrikan, Kaspersky Lab indicated that the three Transparency Centers will open in Asia, Europe, and the U.S. by 2020 with no planned centers in Afrika at this stage.