More than five years ago, the idea of allowing the public to inspect the proprietary source code of a technology company was unheard of and definitely not the norm.
A source code is the source of a computer program. It contains declarations, instructions, functions, loops, and other statements, which act as instructions for the program on how to function. Programs may contain one or more source text files that can be stored on a computer’s hard disk, in a database, or be printed in books of code snippets.
In 2017, Kaspersky pioneered the creation of a high standard of openness in the cybersecurity industry by launching its Global Transparency Initiative (GTI) and opening a global network of Transparency Centers. These are trusted facilities where customers and partners can review the company’s code, software updates, threat detection rules and other activities.
What’s the big deal about transparency?
In every business sector, transparency is an important principle but most particularly in cybersecurity. Customers rely on their cybersecurity service provider for business continuity regarded as a long-term commitment.
With over 400 million users and more than 240,000 companies worldwide that trust Kaspersky to protect their most precious and confidential information, the cybersecurity company considers it important to clearly communicate its transparency measures it’s taking such as how the company’s products work as well as the engineering and data management practices in place.
This led Kaspersky to launch its Global Transparency Initiative that includes a number of actionable and concrete measures to engage with the wider cybersecurity community and stakeholders in validating and verifying the trustworthiness of its products, internal processes and business operations. Through the GTI, Kaspersky can further demonstrate that it tackles any security issues promptly and thoroughly.
What’s a Transparency Center?
One of the GTI’s cornerstones included the opening of a network of Transparency Centers — in Zurich (Switzerland), Madrid (Spain), Kuala Lumpur (Malaysia), São Paulo (Brazil), Singapore, Tokyo (Japan), and Woburn, Massachusetts (the United States).
Singapore and Tokyo are both recently opened centers in APAC and are now ready to welcome the company’s enterprise partners and customers, including state agencies and regulators, responsible for cybersecurity.
The Transparency Centers are fully operational and available for on-site (physical) and remote access.
In addition, in 2020, the company completed the relocation of cyber-threat related data storage and processing for customers in a number of Asia-Pacific countries to Switzerland.
Kaspersky is taking a significant step towards becoming completely transparent in its protection technologies, infrastructure, and data processing practices by establishing these ground-breaking Transparency Centers,
What can be done at the Transparency Center?
Kaspersky offers three review options based on visitor’s skills and interests – ranging from a general overview of Kaspersky’s security and transparency practices to a comprehensive review of the company’s source code.
Genie Gan, Head of Public Affairs and Government Relations for Asia Pacific & Middle East, Turkey and Africa at Kaspersky said, “We are the first company in the cybersecurity industry that opened its source code for external review and we believe this approach shall become an industry standard. We invite state agencies and regulators responsible for national cybersecurity and protection of information systems, enterprise partners and customers from anywhere in the world to visit our Transparency Centers where we are ready to answer your questions about our source code, threat detection rules, software updates, as well as our engineering and data processing practices.”
As a visitor, you will be led to a secure room with a computer that’s connected to Kaspersky’s data infrastructure in secure mode with an expert to guide you through the review process.
Kaspersky provides its source code review solely for consultation purposes and follows the strictest access policy.
Specifically, visitors to the Transparency Center can:
- review the company secure software development documentation and source code of the company’s key product portfolio, including flagship consumer and enterprise products as well as all the versions of our software updates and threat detection rules;
- rebuild the source code to ensure it corresponds to the publicly available modules. The compilation process provides security assurance about the integrity of Kaspersky’s source code;
- check the Software Bill of Materials (SBOM) for Kaspersky products to enhance supply chain security; and
- review the results of third-party security audits such as the SOC 2 audit report by one of the Big Four accounting firms and ISO 27001 assessment report for data security systems
During the operation of Transparency Centers since 2018, Kaspersky team has overseen that source code review offering was not enough. A greater curiosity around it without certain IT knowledge for proper assessment revealed a need for cybersecurity capacities across organizations to properly approach product security evaluations.
This prompted Kaspersky to launch a dedicated Cyber Capacity Building Program (CCBP) where its experts help organizations worldwide learn practical tools and knowledge for security assessment and teach trainees about secure code review and code fuzzing (software testing method performed to identify memory use issues and security weak spots), among others.
Genie Gan added, “Against the backdrop of fast-growing digitalization of economies and societies that requires the integration of various software and hardware components into smoothly running systems, companies usually require the use of different solutions in building infrastructure. At the same time, policymakers need to develop mechanisms to secure the digital infrastructure supply chain, ensure greater transparency regarding the source of technological components and establish the trustworthiness of international partners. As a globally respected cybersecurity company with a 25-year history, Kaspersky completely supports the intention to address these concerns, provide a credible level of assurance and trust to digital products through our ground-breaking Global Transparency Initiative”.
To book an appointment, interested customers, agencies, and businesses can send an email to TransparencyCenter@kaspersky.com .
The latest GTI updates are available here.