In an attempt to reassure its customers and build trust, Kaspersky Lab, the Russian cybersecurity firm under suspicion of having ties to the Kremlin and Russian spy operations, has promised to open its software’s underlying code for outside review. The company will ask independent parties to review the security of its anti-virus software.
In September, the U.S. Department of Homeland Security banned all U.S. federal agencies from using Kaspersky’s anti-virus products due to suspected ties with Russian spy operations. Kaspersky was blamed for alleged theft of sensitive documents that were the property of the U.S. National Security Agency.
The Trump administration also removed Kaspersky from its list of approved vendors, a list from which the U.S. government is allowed to purchase equipment and services.
Kaspersky Lab, according to the Gartner research firm, is one of the world’s top cybersecurity and anti-virus providers. The company is from Russia and is operated by a holding company in the UK. The company develops and sells anti-virus, internet security, password management, and other cybersecurity products and services.
Kaspersky Lab denied the allegations and called them “false” and “inaccurate,” claiming it is been dragged into the middle of a “geopolitical fight.”
“We’ve nothing to hide,” Chairman and CEO Eugene Kaspersky said on Monday. “With these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet.”
Kaspersky said that the company will provide the source code of its software, along with future product updates and threat-detection rules updates, for independent review. However, experts suggest that this review may not be able to reveal much, and that the result would not be sufficient to address the concerns of Kaspersky customers or the U.S. government.
“This review is a red herring that doesn’t address any of the fundamental underlying concerns with Kaspersky products – most significantly, that Russian law enables the Kremlin to monitor data transmissions, including Kaspersky’s,” U.S. Sen. Jeanne Shaheen, a New Hampshire Democrat and regular Kaspersky critic, said in a statement Monday.
Kaspersky’s CEO wrote on Twitter that he’s evaluating contractors who can conduct an independent code review. The company also said that in the future it will work with stakeholders and the information-security community to increase transparency and fortify compliance.