‘Nothing to hide’: Kaspersky Lab opens source code to independent review

‘Nothing to hide’: Kaspersky Lab opens source code to independent review
Russian cybersecurity company Kaspersky Lab has unveiled to independent experts an unprecedented Global Transparency Initiative that will open its code. The audit is a bid to stave off US accusations the company is working for Russian security services.

A five-point plan revealed by the Kaspersky on Monday has promised access not only to its software, but its company practices and oversight of its data handling. Additionally, the company says it will pay out awards of up to $100,000 for those able to identify vulnerabilities, and establish three “transparency centers” by 2020 “to address any security issues together with customers, trusted partners and government stakeholders.”

“We need to reestablish trust in relationships between companies, governments and citizens. That’s why we’re launching this Global Transparency Initiative: we want to show how we’re completely open and transparent,” said company CEO Eugene Kaspersky in a statement.

“We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet.”

In his statement Kaspersky, whose software is installed on an estimated 400 million computers worldwide, bemoaned the intrusion of competing national interests into the security industry.

“Internet balkanization benefits no one except cybercriminals. Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don’t work like they should. The internet was created to unite people and share knowledge. Cybersecurity has no borders, but attempts to introduce national boundaries in cyberspace is counterproductive and must be stopped,” said Kaspersky, who founded the company two decades ago.

In July, Kaspersky made an offer to hand over source code for his software to the US government. The proposition was not taken up.

The latest announcement comes two days before the US House of Representatives gathers to discuss allegations against the company. In June this year, a bipartisan bill was launched in Senate to restrict the US government and any of its contractors from using Kaspersky Lab software, due to “a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure.”

The proposal, which Kaspersky said was based on “unfounded conspiracy theories,” has not been passed into law, but was enforced by a directive from the Department of Homeland Security last month.

Kaspersky Lab, not least because of its founder’s past as a student in the KGB academy in the 1980s, has faced years of allegations of its ties to the Kremlin, though no smoking gun has ever been produced.

The most prominent allegation claims that its software was used to steal NSA data by Russian hackers in 2015, though it was never proven that it intentionally stole data, nor established that it bore responsibility for any potential hacks.

Kaspersky himself has dismissed these claims as a “witch hunt,” and earlier this month, the company signed an intelligence-sharing pact with Interpol, in an attempt to underline its credentials as a crime-fighting company.