Kaspersky Lab plans to disclose the source code of its software

Photo: TASS / Sergey Savostyanov

Kaspersky Lab has announced its willingness to provide independent experts with the source code of their software. This is done for analysis, so that, as the company hopes, the US authorities will remove suspicion of espionage. “The laboratory,” revealing the source code, hopes to “confirm the transparency of its activities, which is primarily aimed at protecting users from any cyber threats, regardless of their origin or purpose.” Software analysis will begin before the end of the first quarter of 2018.

It should be noted that these actions of the company will become part of its extensive initiative on information transparency (Global Transparency Initiative). This initiative is designed to “engage the cybersecurity expert community in verifying the integrity and reliability of the products, internal processes and business operations of the company”.

The discovery of the source code is not everything; as part of the announced initiative, the Laboratory plans to develop additional mechanisms for monitoring the data processing process. There will also be opened three “centers of transparency” in different countries. According to the company's management, such centers will help solve virtually any security issues, including customers, partners and government agencies. The first "center of transparency" will be opened in 2018. And by 2020 they will begin work in Asia, Europe and the USA.
')
In order to eliminate potential vulnerabilities in its software, Kaspersky Lab will increase the reward for the bug bounty program. The maximum payout is planned to increase from the current $ 5 thousand to $ 100 thousand.

“The Internet was designed to bring people together and share knowledge. Cybersecurity knows no boundaries, and any attempt to divide cyberspace from geographical areas is counterproductive. They need to end. We need to restore trust in relations between companies, governments and citizens, ”commented the general director of Kaspersky Lab Evgeny Kaspersky.

The company decided to open the software source code after the US government decided in mid-July to exclude Lab from the list of software suppliers approved for work in the US government agencies. By December 13 of this year, all government agencies in this country are obliged to stop using Kaspersky Lab products, replacing them with programs from other companies.

Things reached the point that Democratic senator Gene Shahin said that the Russian company "cannot be trusted to protect critical infrastructure sites, especially computer systems, vital for ensuring national security." Actually, the problem did not happen suddenly. From a certain point in the American press began to appear information about some of the "bookmarks" in the software "Lab". These bookmarks are allegedly used to provide data to the Russian special services.

The head of Kaspersky Lab announced the possibility of providing the US authorities with the source codes of the company's products in June . True, the representatives of this country did not respond. Once, Kaspersky was offered to come to the United States to attend one of the meetings of the House of Representatives Committee on Science, Space and Technology Congress. Kaspersky agreed, but the committee meeting was postponed.

It is clear that after the loud statements of the American government, the company's competitors became more active. In some cases, this strategy worked, and Kaspersky Lab customers turned to competitors. The USA is a fairly large market for Laboratories. Before commencement of the proceedings, North America accounted for about $ 24.3% of the company's total revenue. At the end of the year, Kaspersky Lab's revenue was $ 644 million.

According to some experts, the measure proposed by the company is rational. True, it will be very difficult, if not impossible, for the United States to restore confidence. Yes, and check the source code of modern products "Laboratories" - that is another task. “Auditing the source code of a program, especially as voluminous as an anti-virus solution, is a very time-consuming task. For example, the analysis of the TrueCrypt project, which has significantly less complexity and amount of code, took an entire group of security researchers from almost two years, ”said Ilya Shalenkov, senior manager of information risk management at KPMG in Russia and the CIS.

In general, if the US authorities agree to the proposal of Eugene Kaspersky, then in part this market can again open "Laboratories". However, trust has already been lost, although perhaps without good reason. And it will be very difficult to prove something.