I have great news.
No, let’s start again.
I HAVE GREAT NEWS!
We’re about to launch (deep breath) the Global Transparency Initiative. The clue’s in the name: It’s all about, well yes, transparency. Now for some details.
BTW, there’s a tasty offer for all cybersecurity experts coming up below. So make sure you read to the end!
What is this Global Transparency Initiative, exactly?
In the very near future — the beginning of next year, to be precise, we’ll open up the source code of our products for third-party analysis and audit. We’ve long carried out regular internal audits of this kind, but since that’s no longer enough, we are totally OK with taking one more step — we have nothing to hide anyway.
Early 2018 will see the unveiling of the first of three planned Transparency Centres. These three centres will be up and running in Europe, Asia, and the US by 2020.
Let’s cut to the chase: We’ll open not only the source code of our products, but also updates of our AV databases and updates to the software itself. So if there are vulnerabilities or, God forbid, backdoors that we don’t know about ANYWHERE, they will be revealed and we won’t be able to keep it under wraps.
But we wouldn’t want to anyway!
Why are we doing this?
Very simple. Cybersecurity is based on trust, and trust without transparency ain’t possible. No, sir. Not unlike life’s other vitals.
You wouldn’t have surgery if you didn’t trust the guy holding the knife. You wouldn’t entrust your child to a kindergarten if you yourself weren’t allowed inside. You wouldn’t buy groceries if the label didn’t have a best-by date. Let me stress that what we’re talking about here isn’t even actual flaws, but simply the possibility of them. When it comes to what matters most, there should be no trade-offs.
No one believes that more than we do.
Our users are our be-all and “endpoint”-all, so we’re ready to strip naked, digitally speaking. We’re going to x-ray our products and destroy the magic halo that surrounds the IT world. The magic’s fairly minimal, to be honest — just clean code and no skulduggery.
One more thing. You probably noticed we’re living in times of turbulence and near-revolutionary change — the era of post-truth, when emotions are more important than facts. And in such a world, when we find an island of reliability and security, we need to drop anchor and wade ashore.
Kaspersky Lab is one such island, and we are willing to prove it.
I firmly believe that this is the natural result of two decades of cutting-edge development. If we didn’t launch this initiative now, we’d do it in a few years anyway. If we didn’t launch it, someone else would. So I want to extend yet another big thank-you to America’s politicians. Thanks to them, we’re again ahead of the global curve: I’m confident that in a couple of years this kind of transparency will become a new industry standard. It’s always good to be a pioneer.
Important note: You should not be worried that we’ll disclose our source code to just anyone. Our main goal is to protect our customers, and therefore we will ensure that the source code is disclosed only to regulators and authorised law enforcement. It will be checked under our close supervision in a Sensitive Compartmented Information Facility (SCIF). IT WILL NOT BE physically provided to any outside agency — the review will take place in the independent centre where we invite regulators.
Once again — we will not provide source code on a memory stick to anyone who asks. It will be a strongly regulated but nevertheless transparent procedure accomplished in a third-party-provided SCIF.
And now for the offer I promised.
Within the Global Transparency Initiative framework, we’ve upgraded our bug bounty program. All of the juicy details will be rolled out by the end of this year, but for now here’s a little spoiler: The top reward will hit $100,000. That’s, one sec, 20 times as high as the previous best offer.
So, cybersecurity experts of the world, unite! Together we will banish mistrust and continue to protect people all around the world.