The Russian cybersecurity firm Kaspersky Lab wants to win back public trust that has been eroding amid fears that its popular software spies on U.S. interests for the Kremlin. To that end, the company is opening up its software to independent scrutiny, and will increase the bounty offered for finding flaws in its products.
In a post on its site, the company laid out its plans for an "internationally recognized authority" to review its source code sometime in Q1 of next year, although it offered no details yet on who the authority would be or how the process would be undertaken. It also said that it is authorizing an independent review of its internal procedures "to verify integrity of our solutions and processes."
New data center protocols are coming as well. Three "transparency centers" will be created by 2020, "enabling clients, government bodies and concerned organizations to review source code, update code and threat detection rules." The centers will be in the United States, Asia and Europe, with firm locations to be detailed at a later date.
Finally, the company is increasing the bounty it gives to hackers that find flaws in its software from $5,000 to up to $100,000 per vulnerability found.
In a statement revealing the initiative, founder Eugene Kaspersky said:
“Internet balkanisation benefits no one except cybercriminals. Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don’t work like they should. We need to reestablish trust in relationships between companies, governments and citizens. That’s why we’re launching this Global Transparency Initiative: we want to show how we’re completely open and transparent. We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet.”
Earlier this month, Israeli hacks found Russian hackers using Kaspersky software to infiltrate the NSA database to get details on U.S. cyberdefense efforts. Prior to that, the U.S. government had urged federal agencies to no longer use Kaspersky products and IT services, despite the company's offer to testify before Congress and open up its source code for examination.
Source: The Guardian