Kaspersky to open security code, but will it restore trust?
Moscow-based cybersecurity firm Kaspersky Lab wants to reassure customers that it isn't controlled by the Russian government by opening up its software’s underlying code for outside review. But many say the move is meaningless.
In September, the US government barred federal agencies from using Kaspersky’s anti-virus products because of concerns about its ties to the Kremlin and Russian spy operations. News reports have since linked Kaspersky software to an alleged theft of cybersecurity information from the US National Security Agency.
The company has repeatedly denied the allegations and says it’s been dragged into the middle of a “geopolitical fight.”
Kaspersky to open up its software’s underlying code for outside review. /Photo via Reuters

Now Kaspersky says it will provide the source code of its software – including software updates and threat-detection rules updates – for independent review and assessment. Experts, however, say such a review can only reveal so much, and thus would do little to address concerns of customers and the US government.
“They’re trying to salvage their reputation,” said Blake Darche, a former NSA worker who is now chief security officer for security firm Area 1. “I don’t see how it addresses the allegations against them in any meaningful way.”
“This review is a red herring that doesn’t address any of the fundamental underlying concerns with Kaspersky products, most significantly, that Russian law enables the Kremlin to monitor data transmissions, including Kaspersky’s,” US Senator Jeanne Shaheen, a New Hampshire Democrat and regular Kaspersky critic, said in a statement Monday.
The suspicion has taken a toll on Kaspersky. Shortly after the federal ban, retailers such as Best Buy and Office Depot also stopped selling its consumer security software.
Then news broke in early October that hackers allegedly working for the Kremlin used Kaspersky’s software to steal information from a National Security Agency contractor about how the US infiltrates foreign networks and defends against cyberattacks. The company denied involvement.
CEO Eugene Kaspersky said on Twitter on Monday that he’s evaluating contractors who can conduct an independent code review. /Screenshot via Twitter

By 2020, the company says it plans to open three centers in Europe, Asia and the United States where it says customers, government agencies and concerned organizations will also be able to review its code.
Security researcher Chris Wysopal said he welcomed multiple, independent reviewers, but cautioned that such analyses can provide only a snapshot of how the software works at a given moment in time. Like phone apps and other programs, security software is frequently updated.
“Even with this transparency, there’s still a level of trust you have to give the company,” said Wysopal, the chief technology officer of Veracode, a part of CA Technologies. “But this is a world we live in. There’s a supply chain. We live in a world of dynamic software, constantly updating.”
Source(s): AP