Guest blog: The case for increasing transparency in cybersecurity

Posted by    on   Oct 2, 2018

In a guest blog post by VB2018 gold partner Kaspersky Lab, Anton Shingarev, Vice President, Public Affairs, considers the case for increasing transparency in cybersecurity.

Transparency-image.jpg

The gap between national security and cybersecurity has never been narrower. Ransomware has crippled the ability of local governments and hospitals to provide crucial services. Nation-state malware has disabled portions of a city’s electric grid. Connected devices and technologies power economies and individuals’ daily lives.

Governments have concerns about how criminals and foreign entities might use digital means to further their own agendas. These concerns extend to vendors of security products. Companies must realize that trust in their products is no longer a given. Kaspersky Lab is no exception; in fact, we may be 'the rule'.

The entire industry must meet new challenges and adapt accordingly. That means increasing transparency in the processes we rely on to build products that protect individuals, businesses, critical infrastructure and governments every day.

Last October, amid global concerns about the integrity and trustworthiness of security software, Kaspersky Lab launched its Global Transparency Initiative. It includes:

  • The relocation of key elements of our infrastructure to Switzerland, including data processing and storage for a number of regions as well as our software and threat detection rule assembly – a major initiative that will take several years to complete
  • Code reviews of our source code, code bases, and threat detection rules
  • Third-party evaluations of our products and their underlying infrastructure
  • External audits of our internal controls and processes and engineering practices
  • Increasing bug bounty awards for identifying potential vulnerabilities

The relocated data processing and storage will begin before the end of this year for customers in Europe. We are also about to open our first Transparency Center in Zurich. The Transparency Center will provide a space where trusted stakeholders can conduct code reviews and evaluate the results of our independent evaluations.

We recognize that transparency is not a cure-all or without its own risks. But this approach allows us to address concerns, even theoretical ones, related to unauthorized access to data and unintended product functionality. It can also serve as the basis for developing objective, risk-informed frameworks that can apply to all security product vendors in order to generate credible levels of assurance and trust throughout the entire cybersecurity ecosystem.

The value that transparency creates in security far outweighs the risks that may deter us from this strategy of engagement. What we have previously announced about our Global Transparency Initiative is just the beginning, and we welcome insight and ideas from the Virus Bulletin community on how we can improve this long-term and ever-evolving project.

 

 

 

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VB2020 call for papers - now open!

Have you analysed a new online threat? Do you know a new way to defend against such threats? Are you tasked with securing systems and fending off attacks? The call for papers for VB2020 is now open and we want to hear from you!

VB2019 paper: Operation Soft Cell - a worldwide campaign against telecommunication providers

Today we publish the VB2019 paper by Cybereason researchers Mor Levi, Amit Serper and Assaf Dahan on Operation Soft Cell, a targeted attack against telecom providers around the world.

VB2019 paper: A study of Machete cyber espionage operations in Latin America

At VB2019 in London a group of researchers from the Stratosphere Lab at the Czech Technical University in Prague presented a paper in which they analysed and dissected the cyber espionage activities of an APT group in Latin America through the…

VB2019 paper: The push from fiction for increased surveillance, and its impact on privacy

In a paper presented at VB2019 in London, researchers Miriam Cihodariu (Heimdal Security) and Andrei Bogdan Brad (Code4Romania) looked at how surveillance is represented in fiction and how these representations are shaping people's attitudes to…

VB2019 paper: Oops! It happened again!

At VB2019 in London industry veterans Righard Zwienenberg and Eddy Willems took a detailed look at the relationship between past and current cyber threats. Today, we publish both their paper and the recording of their presentation.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.