In an attempt to dispel rumors that its software is being used as a backdoor into users' computers, Kaspersky Lab said today it would subject its security products to an independent third-party source code review.
The source code audit will be part of Kaspersky's larger plan named the Global Transparency Initiative that will also include an audit of its infrastructure and product development cycle.
Kaspersky plans to hire a trusted partner to carry out the security audit and offer results to governments and organizations that need reassurance that Kaspersky products aren't spying on users and allowing the FSB to search and collect sensitive data from users' computers, as the US government has alleged in the past few months.
The code review process will begin sometime in the first quarter of 2018. The security vendor is currently looking for a trusted third party to review the source code.
"We're evaluating contractors for independent code review," Eugene Kaspersky, Kaspersky Lab CEO, said today. "[We] will communicate this publicly when ready."
Kaspersky also plans to open three "transparency centers" in Europe, Asia, and the US, where companies and governments will be able to access the source code review results in a safe environment. Kaspersky plans to open the first transparency center next year, while the third will open by 2020.
In addition, the company has increased the maximum bug bounty reward to a whopping $100,000 for vulnerabilities discovered in main Kaspersky products.
The company's response comes after the US government banned Kaspersky products from government computers, pressured the private sector to stop using Kaspersky products, and interviewed Kaspersky employees, and after Office Depot and Best Buy removed Kaspersky products from shelves.
It is still unclear if Kaspersky has allowed the FSB to use its product to search for government data on users' computers, or if the FSB hijacked the company's infrastructure without its knowledge.
A report from last week claims the FSB or Kaspersky might have used a technique called "silent signatures" to search data on users' computers. This technique is supported by most modern antivirus products and allows the AV maker to search for malware-related "strings" in users' files. The theory is that the FSB or Kaspersky employees might have used silent signatures to search for NSA-related files instead of malware.
"Internet balkanization benefits no one except cybercriminals," Kaspersky said today regarding the US government's recent accusations. "Cybersecurity has no borders, but attempts to introduce national boundaries in cyberspace is counterproductive and must be stopped. We need to reestablish trust in relationships between companies, governments and citizens."