2017 hasn’t been a good year for anti-virus giant Kaspersky Lab, with allegations that it was hacked by, or colluded with, Russian agencies damaging its reputation enormously. In an attempt to win back the public’s trust, the company has announced what it calls a “comprehensive transparency initiative.”
Back in July, allegations that its source code may have been compromised by the Russian government led to Kaspersky Lab's removal from the list of approved federal vendors.
Last month, the Department of Homeland Security gave US departments and agencies three months to identify and replace any Kaspersky software they were using.
Kaspersky Lab’s new four-point plan begins with an independent review of its source code, which is set to start by Q1 2018 and be undertaken by an “internationally recognized authority.” There will also be an independent review of Kaspersky's internal process, which it says will verify “the integrity of our solutions and processes.”
There’s no word on which party will be carrying out the reviews, but the company said they would have “strong software security credentials and be able to conduct technical audits, source code reviews and vulnerability assessments.”
Back in July, CEO and cofounder Eugene Kaspersky offered to share company source code with the US government to prove the software had not been compromised.
Kaspersky will also be creating three transparency labs across the world, “enabling clients, government bodies & concerned organizations to review source code, update code and threat detection rules.” The first of these is scheduled to open in 2018, with all three centers set to be completed in Asia, Europe, and the US by 2020.
Finally, the company is increasing the amount of money on offer for its bug bounty program. Up to $100,000 will be now handed over for vulnerabilities discovered in main Kaspersky products.
“We need to reestablish trust in relationships between companies, governments and citizens. That’s why we’re launching this Global Transparency Initiative: we want to show how we’re completely open and transparent. We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet,” said Eugene Kaspersky.
Kaspersky has long denied any links, voluntary or otherwise, with Russia’s spy agencies, but a Wall Street Journal report last month disagreed. The article claims that in 2015, Kaspersky software installed on a computer belonging to a US National Security Agency contractor alerted Russian hackers to the presence of NSA tools. Again, the company disputed the report and even suggested its software may have been hacked. “Even though we have an internal security team, and do bug bounties, we can’t give 100% guarantee that there are no security issues in our products,” wrote Kaspersky.