Kaspersky Lab is opening a transparency centre in Madrid, which in addition to a similar centre opened in 2018 in Zurich, will serve as a trusted facility for the company’s partners and government stakeholders to come and check source code of the company’s products. In addition to being a code review facility, the new centre will function as a briefing centre where guests will be able to learn more about Kaspersky Lab’s engineering and data processing practices. The centre will open for its first visitors in June.
The new centre is being opened as part of the company’s Global Transparency Initiative – a set of measures being brought to life in order to fulfil growing demand from partners and government stakeholders for more information on how the Kaspersky Lab’s products and technologies work.
Since the company opened its first transparency centre in Zurich in November 2018, it has been receiving requests from business customers to learn more about how it is transparent, including queries on product functionality and data processing. Along with being a place to undertake ‘standard’ source code review, the Spanish facility will also serve as a briefing centre, where visitors can learn more about the company’s portfolio, engineering and data processing practices.
This information will be delivered in an easily accessible way. The company has developed a review system, offering multiple options that adjust in line with what visitors are specifically interested in learning about. This system offers multiple review options, from a general non-technical overview of the company’s engineering practices and data protection standards, through to a deep and comprehensive review of the critical parts of the company’s source code. More information about the available options can be found on the transparency centre’s website.
Kaspersky Lab’s Global Transparency Initiative was announced in October 2017 and continues to make good progress. In particular, the company:
- Started relocating customer data storage and processing infrastructure from Russia to Switzerland. Since November 13, 2018, threat-related data coming from European users is being processed in two data centres in Zurich. The relocation of file processing is expected to be complete by the end of 2019
- Has been working with one of the Big Four professional services firms on an audit of the company’s engineering practices around the development and release of its anti-virus bases. This has the goal of independently confirming their adherence with the highest industry security practices. A final SOC 2 (The Service and Organisation Controls) report for this assessment under the SSAE 18 standard (Statement of Standards for Attestation Engagements) is planned for Q2 2019
- Has been developing the Bug Bounty program. Since the announcement of the program’s extension, the company resolved more than 50 bugs reported by security researchers and awarded more than $17,000 in bounty rewards. We recently extended the scope of products available for review, giving security researchers the possibility to research Kaspersky Password Manager and Kaspersky Endpoint Security for Linux among others.
Kaspersky Lab believes that today’s ultra-connected global landscape requires increased transparency and continues to implement concrete measures that further demonstrate our enduring commitment to assuring the integrity and trustworthiness of the company’s solutions in the service of our customers.