Kaspersky Lab is addressing trust concerns with the launch of a Global Transparency Initiative, engaging the broader information security community and other stakeholders in validating and verifying the trustworthiness of its products, internal processes and business operations.
It will also introduce additional accountability mechanisms by which the company can demonstrate that it addresses any security issues promptly and thoroughly.
As part of the Initiative, the company intends to provide the source code of its software — including software updates and threat-detection rules updates — for independent review and assessment.
Kaspersky Lab believes that increased co-operation to protect cyberspace is crucial — and trust needs to be the foundation of any collaboration among those seeking to secure individuals, organisations and enterprises from cyberthreats. However, Kaspersky Lab also recognises that trust is not a given; it must be repeatedly earned through an ongoing commitment to transparency and accountability.
The initial phase of Kaspersky Lab’s Global Transparency Initiative will include:
* The start of an independent review of the company’s source code by Q1 2018, with similar reviews of the company’s software updates and threat detection rules to follow;
* The commencement of an independent assessment of (i) the company’s secure development lifecycle processes, and (ii) its software and supply chain risk mitigation strategies by Q1 2018;
* The development of additional controls to govern the company’s data processing practices in coordination with an independent party that can attest to the company’s compliance with these controls by Q1 2018;
* The formation of three Transparency Centres globally, with plans to establish the first one in 2018, to address any security issues together with customers, trusted partners and government stakeholders; the centres will serve as a facility for trusted partners to access reviews on the company’s code, software updates, and threat detection rules, along with other activities. The Transparency Centres will open in Asia, Europe and the US by 2020.
* The increase of bug bounty awards up to $100 000 for the most severe vulnerabilities found under the company’s Coordinated Vulnerability Disclosure programme to further incentivise independent security researchers to supplement our vulnerability detection and mitigation efforts, by the end of 2017.
Kaspersky Lab will also engage with stakeholders and the information security community to determine what the next phase of the initiative — commencing in H2 2018 — should include.
Eugene Kaspersky, chairman and CEO of Kaspersky Lab, says: “Internet balkanisation benefits no one except cybercriminals. Reduced co-operation among countries helps the bad guys in their operations, and public-private partnerships don’t work like they should.
“The Internet was created to unite people and share knowledge. Cybersecurity has no borders, but attempts to introduce national boundaries in cyberspace are counterproductive and must be stopped.
“We need to re-establish trust in relationships between companies, governments and citizens. That’s why we’re launching this Global Transparency Initiative: we want to show how we’re completely open and transparent.
“We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet.”