Authored by: Yeo Siang Tiong, General Manager, SEA, Kaspersky Lab
Trust is essential and should be the foundation of any collaboration among those seeking to secure individuals, organisations and enterprises from cyberthreats.
In the cybersecurity industry, trust cannot be blindly given. It has to be earned through an ongoing commitment to transparency and accountability.
By now, most of the readers of CyberSecurity ASEAN would have read about the global transparency initiative, with the opening of the first transparency centre in Zurich, Switzerland.
During our South East Asia press tour, we also announced that there will be a transparency centre in APAC, which will be opening at later stage.
The Global Transparency Initiative, announced in October 2017, reflects our ongoing commitment to assuring the integrity and trustworthiness of our products. The new measures are the next steps in the development of the initiative, but they also reflect our commitment to working with others to address the growing challenges of industry fragmentation and breakdown of trust.
By the end of 2019, Kaspersky Lab will have established a data center in Zurich and this facility will store and process all information for users in Europe, North America, Singapore, Australia, Japan and South Korea, with more countries to follow. This information is shared voluntarily by users with the Kaspersky Security Network (KSN), an advanced, cloud-based system that automatically processes cyberthreat-related data.
We will also be relocating our software build conveyer to Zurich as well, which is a set of programming tools used to assemble ready-to-use software out of source code.
Before the end of 2018, Kaspersky Lab products and threat detection rule databases (AV databases) will start to be assembled and signed with a digital signature in Switzerland, before being distributed to the endpoints of customers worldwide.
The relocation will ensure that all newly assembled software can be verified by an independent organization and that software builds and updates received by customers match the source code provided for audit.
Source Code for Review
The source code of Kaspersky Lab products and software updates will be available for review by independent security researchers.
Bug Bounty Program
Anyone who finds a particularly severe vulnerability in one of our products, could receive a reward of up to USD100,000.
We launched the bug bounty program in 2016, with cash rewards of USD300 to USD5,000 and with the launch of our Transparency Initiative we have increased the bug bounty awards up to $100,000. Thus far, the program has already led to more than 70 bug reports, and timely action on our part to resolve the issues.
Challenge the Norm
We are the first technology company to take trust and transparency to a newer level. Such practice is unheard of by any industry standard. However, this level of transparency is needed in this world inundated with malice actions, fake news, political lobbying, unnecessary name-calling and superficial headlines.
It’s like having an X-ray system screening everything we do, to show the world we have nothing to hide.
Do not just take the words per se from the cybersecurity partners or vendors you are working with. Test and challenge them. Are they prepared to do the same for you?