In order to better provide its customers and partners with security assurance on its products and practices, Kaspersky has opened three more Transparency Centers worldwide. The Transparency Centers are located in Japan, Singapore, and the United States. The new facilities expand opportunities for customers and partners to learn more about Kaspersky’s engineering and data processing practices, and review the company’s source code and other areas of the business.
IT technologies now contribute to almost every aspect of our lives, and the scope of data entrusted to them grows exponentially each year. This has turned data processing into the backbone of digitalized societies. As data generation keeps skyrocketing worldwide, data processing volumes are following suit and increasing dramatically. Committed to ensuring customers and partners are informed about how the company’s products work, and the engineering and data management practices in place led Kaspersky to launch the Global Transparency Initiative (GTI) aimed at empowering company stakeholders with knowledge and giving them the confidence to trust Kaspersky.
One of the GTI’s cornerstones included opening a global network of Transparency Centers — trusted facilities where customers and partners can review the company’s code, software updates, threat detection rules, and other activities. No other cybersecurity provider has done anything as far-reaching as this. In opening these Transparency Centers, Kaspersky is taking a significant step towards becoming completely transparent in its protection technologies, infrastructure and data processing practices.
Since the launch of the first center in 2018 in Zurich (Switzerland), Kaspersky has launched several more and now operates code review centers in Madrid (Spain), Kuala Lumpur (Malaysia), and São Paulo (Brazil).
The newly opened Transparency Centers will welcome the company’s enterprise partners and customers, including state agencies and regulators, responsible for cybersecurity. Two more facilities in APAC — in Tokyo and Singapore — ensure the company’s greater proximity to stakeholders in this region, while the center in Woburn, MA in the United States, will serve as a new venue for the company’s North American Transparency Center, which used to be located in New Brunswick, Canada.
To make visits to Kaspersky’s Transparency Centers as rewarding as possible, the company offers several read-only review options based on visitors’ skills and their interests — ranging from a general overview of Kaspersky’s security and transparency practices, to a comprehensive review of Kaspersky’s source code under the guidance of the company’s experts.
Kaspersky provides its source code review solely for consultation purposes and follows the strictest access policy, which means a request for the source code review could be turned down in the event of security concerns. To ensure the integrity of its source code, Kaspersky provides read-only access to review its source code, which excludes the possibility of any modifications.
With the assistance of Kaspersky’s experts, visitors to the Transparency Centers can review its secure software development documentation, and source code of the company’s key product portfolio, including flagship consumer and enterprise products, as well as all the versions of our software updates and threat detection rules.
Visitors will also be able to rebuild the source code to ensure it corresponds to the publicly available modules. The compilation process – available at Transparency Centers – provides security assurance about the integrity of Kaspersky’s source code. They can also check the Software Bill of Materials (SBOM) for Kaspersky products to enhance supply chain security; and review the results of third-party security audits (such as the SOC 2 audit report and ISO 27001 assessment report) – both remotely and physically.
Since the opening of the first Transparency Center in Switzerland in 2018, the company has organized over 25 visits, with enterprise customers becoming the most frequent guests. Information about Kaspersky’s data management practices has received the most attention from visitors, while source code reviews happen only occasionally, which could be explained by the existing need for cybersecurity capacities across organizations to properly approach product security evaluations. This, in particular, led to the launch of a dedicated Cyber Capacity Building Program (CCBP), by which Kaspersky experts aim to help a broader community worldwide learn practical tools and knowledge for such security assessments, and teach trainees about secure code review, code fuzzing and other.
Genie Gan, Head of Public Affairs for APAC, Kaspersky, said: “We are the first company in the cybersecurity industry to open our source code for external reviews. Kaspersky has been working hard to prove that we are a trustworthy and reliable partner. I would like to invite our potential and existing customers, and government regulators to our new Transparency centers and we will do our best to answer all possible questions about our source code, threat detection rules, software updates as well as about our engineering and data processing practices.”
Since 2017, Kaspersky has been implementing its Global Transparency Initiative. Some of the latest GTI developments include relocating its cyberthreat-related data processing and storage for Kaspersky’s users in Latin America and the Middle East to Switzerland, re-certification of Kaspersky’s data services by the independent certification body TÜV AUSTRIA, and the launch of the digital version of the “Cyber Capacity Building Program” that aims to help organizations worldwide develop practical tools and knowledge for security assessments.