After Spying Scandal, Kaspersky Promises to Submit Software for Review in a Bid to Win Back Trust
Moscow-based Kaspersky Lab is trying to reestablish consumer trust after the Trump administration's decision to ban its products citing national security risks. The company has promised that it will open up its antivirus product to independent parties to review it for security.
Kaspersky promises independent source code review and more transparency amid spying claims
Earlier this month a report had revealed that Israeli intelligence community had informed the US government of Russian spies using Kaspersky products to spy on targets in the United States government. According to this report, Russians were scouring "computers around the world for the code names of American intelligence programs". Israel apparently had also offered the Trump administration evidence of Russia-backed hackers infecting Kaspersky, which was reportedly the primary reason why the US government put a warning against the use of the AV firm's products earlier in September.
The US government hasn't confirmed these reports and had just said that the government is "concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies".
Since these allegations and the US government's directive against the AV firm, several companies have also taken Kaspersky off their shelves. Throughout these past few months, Kaspersky has maintained that it isn't influenced by any government and is just caught in the middle of a geopolitical fight between the US and Russia. While the company appears to have been caught up in this mess, the fact that at least two government agencies managed to hack into its products made many consumers fear that its products may not be as secure.
Kaspersky's plans to "overcome mistrust"
"We’ve nothing to hide," the company's Chairman and CEO Eugene Kaspersky said. "With these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet."
While the company hasn't named who will be reviewing the source code, its statement suggests that an "independent source code review" will be "undertaken with an internationally recognized authority" and will start by Q1, 2018.
Not only is the company opening up its source code for review, it has also added that it will conduct an "independent review of internal process to verify integrity of our solutions and processes," along with offering increased bug bounties for security vulnerabilities discovered in Kaspersky products.
The AV firm further plans to open three "transparency centers" worldwide over the next three years that will enable "clients, government bodies & concerned organizations to review source code, update code and threat detection rules".
While the Kremlin denied allegations of using Kaspersky products or having ties to the company, President Trump's administration put a ban on government agencies from using the AV firm's products - a decision that was then backed by the US Senate. The government also removed the firm from its list of approved vendors for government use, saying that using Kaspersky products could "compromise federal information and information systems" and "directly implicates US national security".