It’s been three years since Kaspersky announced its Global Transparency Initiative (GTI) to pioneer a new approach for the cyber security industry based on greater transparency and accountability. The aim was to engage the broader cyber security community and stakeholders in validating and verifying the trustworthiness of its products, internal processes, and business operations. As such, the company has provided the source code of its software for independent reviews, undertaken a number of third-party assessments including the SOC2 audit by a Big Four company, and has attained ISO27001 certification for its data services. Kaspersky has also moved its data processing infrastructure from Russia to Switzerland and has formally announced the successful completion of this transition.
In a media release the company highlighted:
- The relocation of data processing and data storage, announced in November 2018, has been fully completed.
- Kaspersky has opened a North American Transparency Center in partnership with the CyberNB Association in New Brunswick, Canada.
The facility will start operating in early 2021 and will become the company’s fifth location where Kaspersky partners will be provided with the opportunity to review its source code and to learn more about engineering and data-processing practices, as well as its product portfolio. Earlier in 2020, Transparency Centers in Sao Paulo and Kuala Lumpur became fully operational. Kaspersky has also relaunched its first Transparency Center in Zurich that has been relocated to the Interxion data center. Moving forward, the company will provide unique access to its customers and trusted partners to experience data security controls and to directly access the company’s data management practices for external review and examination. - The Cyber Capacity Building Program, announced in May 2020, has been launched alongside Vietnam’s Authority of Information Security (AI), which includes the country’s national CERT and National Cyber Security Centre (NCSC). The Program has been extended to now include an additional section on code fuzzing conducted together with Kaspersky ICS CERT Team. In 2021, the Program will be available to business partners and other companies to enhance their readiness as well as to gauge the resilience of their systems and networks against supply chain risks. To request access, please follow this.
- Product scope for Kaspersky’s Bug Bounty Program has been extended to include Kaspersky VPN Secure Connection. Researchers can now submit vulnerability reports relating to Kaspersky VPN Secure Connection, including third-party software modules that are a part of the VPN solution. Overall, since March 2018, 76 bugs have been resolved, and 37 reports rewarded with total bounties equating to $57,750.
Kaspersky confirmed that it will continue to work with the community to prioritise transparency and accountability, and to enhance the security of modern software products, to further build consumer trust. The company has already supported and worked with the Geneva Dialogue on Responsible Behavior in Cyberspace – the international conversation on security of digital products, led by the Federal Department of Foreign Affairs (FDFA) of Switzerland and implemented by DiploFoundation. Our core belief is that through collaborative multi-stakeholder efforts we are able to enhance confidence and trust in technology. We can therefore ensure that the digital future – cyber-secure and cyber-resilient – is not a scary unknown, but a place with endless opportunities for growth and prosperity
