Embattled security firm Kaspersky Lab has announced what it calls a Global Transparency Initiative under which it will allow source code review by independent third parties.
The company has also said it will undertake independent assessment of its secure development lifecycle processes and its software and supply chain risk mitigation strategies.
Both these initiatives will be put in place by the first quarter of 2018. Additionally, Kaspersky said it would develop additional controls to govern the company’s data processing practices in co-ordination with an independent party.
The announcement comes after a torrid period during which Kaspersky Lab products have been pulled from the shelves of two major US retailers — Best Buy and Office Depot — and after the company has battled to fight a concerted US Government campaign to ban its software from use by the public sector.
{loadposition sam08}An offer by the US Congress to its founder, Eugene Kaspersky, affording him an opportunity to testify before a select panel about the issues that have arisen appears to have been withdrawn.
Kaspersky Lab also announced the creation of three Transparency Centres in the US, Asia and Europe, with plans to establish the first in 2018, to address any security issues together with customers, trusted partners and government stakeholders.
Additionally, bug bounty awards of up to US$100,000 will be offered for the most severe vulnerabilities found under the company’s Co-ordinated Vulnerability Disclosure programme.
A statement from the company quoted Eugene as saying: "“Internet balkanisation benefits no one except cyber criminals. Reduced co-operation among countries helps the bad guys in their operations, and public-private partnerships don’t work like they should.
"The Internet was created to unite people and share knowledge. Cyber security has no borders, but attempts to introduce national boundaries in cyber space is counter-productive and must be stopped.
"We need to reestablish trust in relationships between companies, governments and citizens. That’s why we’re launching this Global Transparency Initiative: we want to show how we’re completely open and transparent. We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet.”
But it may be that the company's initiative has come a little too late. Three reports in the three main US mainstream newspapers this month made extremely damaging allegations about the company, which Kaspersky has not directly refuted.
A report in The Wall Street Journal on 12 October hinted that Kaspersky Lab could have made available its source code to the Russian Government.
Prior to that, a report in The Washington Post on 10 October claimed that Israeli Government information security professionals had found NSA hacking tools in Kaspersky Lab's system when it gained access to the company's servers in 2014.
And The New York Times claimed on 10 October that Russian Government employees had used Kaspersky's anti-virus software to search for the code names of US intelligence programmes, while Israeli intelligence officials looked on.
iTWire sought answers to these allegations but did not receive answers that were to the point.