Russian cybersecurity firm Kaspersky Lab is, to put it mildly, having a rough time right now.
The U.S. Department of Homeland Security has banned federal agencies from using its products, citing alleged ties to Russian intelligence, and even the electronics retailer Best Buy has pulled Kaspersky’s antivirus from its shelves.
Now Kaspersky Lab is hitting back with what it calls a “comprehensive transparency initiative,” designed to win back people’s trust.
On Monday morning, the firm said it would allow an independent review of its source code by “an internationally recognized authority” in the first quarter of 2018, along with an independent review of its internal processes to determine their integrity.
The company also promised three “transparency centers” in the U.S., Europe and Asia, to allow clients and governments to review its code and the rules it uses to detect threats. The centers will open between 2018 and 2020, it said.
Kaspersky also said it would increase the bounty it pays security researchers who find flaws in its main products, to “up to $100K per discovered vulnerability.”
Crucially, Kaspersky also said it would develop “additional controls to govern the company’s data processing practices in coordination with an independent party that can attest to the company’s compliance with said controls by Q1 2018.”
U.S. officials reportedly turned on Kaspersky after a National Security Agency (NSA) employee took NSA spy tools home and put them on his personal computers, where Kaspersky’s antivirus picked them up and reported their details back to the Russian company. Since the tools in question would largely have qualified as malware, detecting and reporting them is roughly what antivirus software is supposed to do; the open question is how Russia’s spies allegedly came to learn about them afterwards.
“The internet was created to unite people and share knowledge,” said co-founder Eugene Kaspersky in a statement.
“Cybersecurity has no borders, but attempts to introduce national boundaries in cyberspace are counterproductive and must be stopped. We need to re-establish trust in relationships between companies, governments and citizens. That’s why we’re launching this Global Transparency Initiative: we want to show how we’re completely open and transparent.”
It is not uncommon for major software firms with government contracts to allow those governments to inspect their code. Microsoft does it, for example, in order to assure agencies around the world that Windows and other products do not contain backdoors. A source review on its own, however, does not show that the binaries actually shipped to customers were built from the source that was reviewed, which is why such reviews carry weight only alongside controls on the build and signing process.