Through the Global Transparency Initiative, Kaspersky is demonstrating its commitment to transparency. And, in view of the suspicions of collusion that weigh on the publisher of IT security solutions of Russian origin vis-à-vis the intelligence services of his country.
Specifically, Kaspersky wants to propose to a trusted third party to evaluate the source code of its software for “independent review”. Including updates and threat detection engines.
This certification by a third party will be “conditionally” (not specified in the press release). It is intended to reassure customers, partners and other stakeholders about the integrity of the code.
Three transparency centers will be erected on three continental plates (Europe, Asia, United States) between 2018 and 2020. This type of structure will host “trusted partners” and government stakeholders.
Organizations that enter the circle of trust on behalf of an additional layer of security will also be able to evaluate publisher’s secure development cycle processes and software and supply chain risk management strategies.
Wanted vulnerability: $ 100,000
What’s more, Kaspersky is pushing the $ 100,000 reward for researchers who will find the most severe vulnerabilities of anti-virus.
A hunt for the most motivating bugs for security experts in order to limit the weak points of the company’s software solutions.
Based on suggestions on the wave of early initiatives, Kaspersky will refine its transparency program. The second phase will begin in the second half of 2018. In the meantime, the publisher undertakes to publish progress regularly.
Nothing to hide ?
“The balkanization of the Internet does not benefit anyone except cybercriminals. Reduced co-operation between countries is helping cybercriminals and public-private partnerships are not working as they should, “ says Kaspersky.
” We need to restore trust in the relationships between businesses, governments and citizens. That’s why we are launching this global transparency initiative: we are totally open and we have nothing to hide. And I believe that with these actions we will be able to overcome mistrust and support our commitment to protect people in any country in the world. “
Suspicions of acquaintance with the Kremlin are maintained because of the past of Eugène Kaspersky, who followed a cryptography course at a KGB-supported organization and then joined the Russian Ministry of Defense as an engineer.
Recent journalistic investigations, in particular those of the Washington Post , have also revealed intriguing points such as the hacking by the Israeli government of hacking tools belonging to the NSA (secret services) stored in the information system. from Kaspersky Lab.
In the aftermath, the Wall Street Journal evoked the troubled role of the Moscow publisher in a case of theft of NSA documents .
Kaspersky banned in the United States
The cup is full on the side of the United States. Senators decide to exclude Kaspersky solutions from contracts for military markets.
De facto, it is the US administration sphere that must cut corners with the provider of security solutions from the East.
While the FBI urges US companies to exclude software from the Russian publisher.
Meanwhile, Kaspersky also reserves a package of revelations by revealing the tenuous relationship between the NSA and the group of hackers Equation . One could perceive the woes of Kaspersky as a return of crank …
The publisher must today redouble its efforts of transparency to prove its good faith and maintain confidence. And to avoid that the mistrust provoked in the United States does snowball on the rest of the planet.
On the competition front, these accusations are also part of a context of tensions with Microsoft.
Kaspersky accused the Redmont firm of an anticompetitive position with the default and free provision of Windows Defender in Windows 10, and the abandonment, or even the deactivation , of third-party security solutions.
The case gave rise to a complaint to the European Commission before the complainant changed his mind regarding the adaptation efforts made by Microsoft.