Menu
Kaspersky Lab serves up source code to quell national security concerns

Kaspersky Lab serves up source code to quell national security concerns

The company said it would submit the source code of its software and future product updates for review

Moscow-based Kaspersky Lab will ask independent parties to review the security of its anti-virus software, which the US Government has said could jeopardise national security, citing concerns over Kremlin influence and hijacking by Russian spies.

Kaspersky, which research firm Gartner ranks as one of the world's top cyber security vendors for consumers, said in a statement that it would submit the source code of its software and future product updates for review by a broad cross-section of computer security experts and government officials.

It also vowed to have outside parties review other aspects of its business, including software development. Reviews of its software, which is used on some 400 million computers worldwide, will begin by the first quarter of next year, it said.

"We've nothing to hide," chairman and CEO, Eugene Kaspersky, said. "With these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet."

Kaspersky did not name the outside reviewers, but said they would have strong software security credentials and be able to conduct technical audits, source code reviews and vulnerability assessments.

US President Trump's administration last month barred government agencies from using Kaspersky Lab anti-virus products. The US Senate voted to back the plan.

The world's top cyber security experts are divided over whether Russian intelligence hijacked Kaspersky software without its knowledge or whether the firm or one of its employees were complicit.

Israeli intelligence officials said they had found Russian government hackers using Kaspersky antivirus software to steal spy secrets from the US National Security Agency, according to reports this month in major US media.

Kaspersky has repeatedly denied those allegations, saying it has not helped Russia or other governments engage in espionage and that it is simply caught up in a wider geopolitical spat between Moscow and Washington following allegations Russian hackers interfered in last year's US elections.

The Kremlin also denies the allegations.

Some researchers have pointed to the company’s problems in the United States as an example of the growing Balkanisation of the cyber security industry, which is making it harder to fight cross-border crime.

Restoring confidence

US cyber security experts and former officials said the move by Kaspersky to open its software up for expert review could help alleviate concerns about future security gaps, but that the company had a lot of work to do to restore confidence.

Former NSA director Michael Hayden called Kaspersky’s action "a dramatic step forward, but not necessarily sufficient."

Rodney Joffe, senior vice president at online identity management firm Neustar and an advisor to the US Federal Communications Commission, said Kaspersky must show it has fixed all existing vulnerabilities, not just guarded against new ones.

"A good start would be a release of the source code for the products already out there, that matches the actual installed code base," Joffe said.

The company said it would open "transparency centers" in Asia, Europe and the United States where customers, governments and others can access results of the outside reviews and discuss any concerns about the security of Kaspersky products.

It also said it would expand a program where it pays independent security researchers to find security vulnerabilities in its products, boosting the maximum award size to US$100,000 from US$5,000.

(Reporting by Jim Finkle in Toronto; John Walcott in Washington D.C.; Eric Auchard in London and Jeremy Wagstaff in Singapore; Editing by Lisa Von Ahn, Peter Cooney and Alexander Smith)


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags securityeugene kasperskysoftwareUSkasperskykaspersky lab

Featured

Slideshows

Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Show Comments