Kaspersky Lab will ask independent parties to conduct security reviews of its widely used anti-virus software to help dispel allegations that the Russian government uses the products to conduct espionage, the Moscow-based company said on Monday. Kaspersky said in a statement that it would submit the source code of its software and future product updates for review by “the broader information-security community and other stakeholders.” It also vowed to have outside parties review other aspects of its business, including software development.
Reviews of the software, which is used on some 400 million computers worldwide, will begin by the first quarter of next year, the company said. The company did not name the outside reviewers, but said in a statement that it would soon announce parties with “strong credentials in software security and assurance testing for cyber-security products.” US President Donald Trump’s administration last month barred government agencies from using Kaspersky Lab anti-virus products, citing concerns that the company was vulnerable to Kremlin influence and that use of its software could jeopardize national security.
Kaspersky has repeatedly denied those accusations, saying it has not helped Russia or other governments engage in espionage. The Trump administration decision represented a sharp response to what US intelligence agencies have described as a national security threat posed by Russia in cyberspace, following a US election year marred by allegations that Moscow weaponized the internet in an attempt to influence its outcome. Chief Executive Officer Eugene Kaspersky said in a statement that he believed the steps announced on Monday would help restore trust in his company.
“We want to show how we’re completely open and transparent,” he said. “We’ve nothing to hide.”
The company said it would open “transparency centers” in Asia, Europe and the United States where customers, governments and others can access results of the outside reviews and discuss any concerns about the security of Kaspersky products. It also said it would expand a program where it pays independent security researchers to find security vulnerabilities in its products, boosting the maximum award size to $100,000 from $5,000.