By SecureWorld News Team
Mon | Oct 23, 2017 | 2:59 PM PDT

There's been a lot of talk from Kaspersky Lab as the decision to remove Kaspersky anti-virus software from U.S. government computers, the hack of an NSA contractor, and negative media coverage have snowballed into growing mistrust.

Now Eugene Kaspersky says his company is backing up the talk with action that will prove the company is truly a global cybersecurity company and not some Russian government puppet.

Kaspersky Lab to open "Transparency Centers" on 3 continents, submit code for review

The company says it will begin submitting its source code for third-party review in Q1 2018, just a few months from now. It will also open three "Transparency Centers," the first of which will start operating next year.

"The centers will serve as a facility for trusted partners to access reviews on the company’s code, software updates, and threat detection rules, along with other activities," the company said in its statement on what it calls the Global Transparency Initiative.

Security researchers win: Kaspersky Lab to boost bug bounty 20x

Kaspersky says it will also increase its bug bounty rewards for security researchers. Top vulnerability payouts will jump from $5,000 to $100,000. The company said the NSA contractor hack was likely due to a security vulnerability, which is a risk for any cybersecurity company.

5 things the Kaspersky initiative will do, according to the company

  1. Initiating an independent review of the company’s source code by Q1 2018, with similar reviews of the company’s software updates and threat detection rules to follow;
  2. Commencing an independent assessment of (i) the company’s secure development lifecycle processes, and (ii) its software and supply chain risk mitigation strategies by Q1 2018;
  3. Development of additional controls to govern the company’s data processing practices in coordination with an independent party that can attest to the company’s compliance with said controls by Q1 2018;
  4. Formation of three Transparency Centers globally, with plans to establish the first one in 2018, to address any security issues together with customers, trusted partners and government stakeholders; the centers will serve as a facility for trusted partners to access reviews on the company’s code, software updates, and threat detection rules, along with other activities. The Transparency Centers will open in Asia, Europe and the U.S. by 2020;
  5. Increasing bug bounty awards up to $100,000 for the most severe vulnerabilities found under Kaspersky Lab’s Coordinated Vulnerability Disclosure program to further incentivize independent security researchers to supplement the company’s vulnerability detection and mitigation efforts, by the end of 2017.

Eugene Kaspersky on transparency

“Internet balkanization benefits no one except cybercriminals. Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don’t work like they should. The internet was created to unite people and share knowledge. Cybersecurity has no borders, but attempts to introduce national boundaries in cyberspace is counterproductive and must be stopped. We need to reestablish trust in relationships between companies, governments and citizens. That’s why we’re launching this Global Transparency Initiative: we want to show how we’re completely open and transparent. We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet.”

First, there was talk. Now there will be action. Is it enough to restore trust? There is more to come here, we are sure.
