Kaspersky Lab has promised to work with independent companies to conduct audits on its product source code in the future in an effort to reestablish trust in the wake of alleged involvement in US government data theft.
On Monday, the company issued a brief statement that said by Q1 2018 an “internationally recognized authority” will conduct independent source code reviews, as well as verify the “integrity of our solutions and processes.”
While the reviewer company has not been named, in a statement to the Reuters news agency, the firm said the chosen party has “strong credentials in software security and assurance testing for cyber-security products.”
Last month, the US Department of Homeland Security (DHS) ordered all US federal agencies to stop using Kaspersky products within the next 90 days due to suspected ties to the Russian government.
The DHS said that Kaspersky products represented “information security risks,” due to Russian laws which could be used to lean on the cybersecurity firm for cyberespionage purposes, and therefore could “compromise federal information and information systems directly implicates US national security.”
The Trump administration has also removed Kaspersky from lists of approved vendors that the US government is permitted to purchase equipment and services from.
Kaspersky software was then explicitly blamed for the theft of sensitive documents owned by the US National Security Agency (NSA), taken home by an employee who was targeted by Russian hackers for the information. The report alleged the files were identified through the firm’s antivirus software.
Kaspersky Lab has denied these allegations, calling them “false” and based on “inaccurate assumptions,” and the creation of new transparency procedures has likely stemmed from a need to claw back trust from governments, businesses, and consumers alike.
The Moscow-based cybersecurity firm said there are also plans to create three “transparency centers” worldwide in Asia, Europe, and the US over the next three years. These centers will bring together the plans to review source code and internal processes, as well as make changes to coding and threat detection rules as necessary. The first center will be up and running in 2018 and the others are expected to be complete by 2020.
Kaspersky Lab said that the firm will work with stakeholders and the information security community in the future to further solidify plans to increase transparency and strengthen compliance.
To read the original article: http://www.zdnet.com/article/kaspersky-lab-tries-to-claw-back-trust-with-transparency-initiative/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem%3A%20Trending%20Content&utm_content=59ef256a04d30141af8d4b14&utm_medium=trueAnthem&utm_source=twitter