Menu
Kaspersky Lab serves up source code to quell national security concerns

Kaspersky Lab serves up source code to quell national security concerns

The company said it would submit the source code of its software and future product updates for review

Moscow-based Kaspersky Lab will ask independent parties to review the security of its anti-virus software, which the US Government has said could jeopardise national security, citing concerns over Kremlin influence and hijacking by Russian spies.

Kaspersky, which research firm Gartner ranks as one of the world's top cyber security vendors for consumers, said in a statement that it would submit the source code of its software and future product updates for review by a broad cross-section of computer security experts and government officials.

It also vowed to have outside parties review other aspects of its business, including software development. Reviews of its software, which is used on some 400 million computers worldwide, will begin by the first quarter of next year, it said.

"We've nothing to hide," chairman and CEO, Eugene Kaspersky, said. "With these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet."

Kaspersky did not name the outside reviewers, but said they would have strong software security credentials and be able to conduct technical audits, source code reviews and vulnerability assessments.

US President Trump's administration last month barred government agencies from using Kaspersky Lab anti-virus products. The US Senate voted to back the plan.

The world's top cyber security experts are divided over whether Russian intelligence hijacked Kaspersky software without its knowledge or whether the firm or one of its employees were complicit.

Israeli intelligence officials said they had found Russian government hackers using Kaspersky antivirus software to steal spy secrets from the US National Security Agency, according to reports this month in major US media.

Kaspersky has repeatedly denied those allegations, saying it has not helped Russia or other governments engage in espionage and that it is simply caught up in a wider geopolitical spat between Moscow and Washington following allegations Russian hackers interfered in last year's US elections.

The Kremlin also denies the allegations.

Some researchers have pointed to the company’s problems in the United States as an example of the growing Balkanisation of the cyber security industry, which is making it harder to fight cross-border crime.

Restoring confidence

US cyber security experts and former officials said the move by Kaspersky to open its software up for expert review could help alleviate concerns about future security gaps, but that the company had a lot of work to do to restore confidence.

Former NSA director Michael Hayden called Kaspersky’s action "a dramatic step forward, but not necessarily sufficient."

Rodney Joffe, senior vice president at online identity management firm Neustar and an advisor to the US Federal Communications Commission, said Kaspersky must show it has fixed all existing vulnerabilities, not just guarded against new ones.

"A good start would be a release of the source code for the products already out there, that matches the actual installed code base," Joffe said.

The company said it would open "transparency centers" in Asia, Europe and the United States where customers, governments and others can access results of the outside reviews and discuss any concerns about the security of Kaspersky products.

It also said it would expand a program where it pays independent security researchers to find security vulnerabilities in its products, boosting the maximum award size to US$100,000 from US$5,000.

(Reporting by Jim Finkle in Toronto; John Walcott in Washington D.C.; Eric Auchard in London and Jeremy Wagstaff in Singapore; Editing by Lisa Von Ahn, Peter Cooney and Alexander Smith)


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags eugene kasperskysoftwareUSkasperskykaspersky lab

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments