Kaspersky opened its latest Transparency Center in Seoul, South Korea, reaffirming its commitment to delivering the best security assurance for its products and services. Located in the Kaspersky office, the new facility will provide the company’s stakeholders with services ranging from an overview of Kaspersky’s practices, to a review of product source codes.
Kaspersky served as a pioneer in advancing digital trust by launching the Global Transparency Initiative (GTI) and becoming the first cybersecurity company to open its source code for external review. Advocating for a verifiable approach to the trustworthiness of cybersecurity products, Kaspersky has been providing the company’s stakeholders with the opportunity to conduct independent reviews of its threat detection rules, software updates, and even the source code of its solutions at Transparency Centers across the globe.
The Kaspersky Transparency Center in Seoul – the fourth in the APAC region – will welcome the company’s customers and business partners, as well as local regulators responsible for cybersecurity. Guests will be able to choose one of three review options for their visit, depending on the depth of security assessment needed:
- “Blue piste” offers a general overview of the security development processes of Kaspersky products and services, as well as its data management practices;
- “Red piste” allows for a review of the most critical aspects of source code, assisted by the company’s specialists, and provides a targeted analysis of a particular functionality;
- “Black piste” enables visitors to conduct the most comprehensive and thorough source code review, with the help of Kaspersky’s experts.
The company’s secure software development documentation, including threat analysis, secure review, and application security testing processes, as well as the Software Bill of Materials can also be examined in the course of a Transparency Center visit.
Genie Sugene Gan, Director of Government Affairs and Public Policy, Asia-Pacific-Japan and META regions for Kaspersky, commented: “Kaspersky Transparency Centers are a testament to our commitment to building a more accountable cybersecurity ecosystem. By opening our new Seoul Center, we believe that, by sharing our practices with the broader community, we can foster greater trust in ICT solutions, while also contributing to the collective effort to combat global cyberthreats.”
In addition to Transparency Centers, since its launch Kaspersky’s GTI also introduced additional mechanisms to enhance digital trust and promote greater accountability in the cybersecurity field. These include the relocation of cyberthreat-related data storage and processing to Zurich, Switzerland; independent third-party reviews of internal processes and engineering practices; the launch of a security training Cyber Capacity Building Program; increasing of bug bounty rewards up to US$100k per the most critical vulnerabilities found in Kaspersky products, and releasing Transparency Reports, consisting of two parts and revealing information on requests received from government and law enforcement agencies, and users for their personal data.
New edition of Kaspersky’s Transparency report
Kaspersky publicly shares its approach to responding to requests from government and law enforcement agencies in two categories — user data and technical expertise. The company’s latest “Law Enforcement and Government Requests” report, covering the first half of 2024, reveals it received a total of 61 requests from nine countries during the reporting period, with all requests asking for technical expertise. This constitutes a 10.3 percent decrease in the number of requests compared to the same period in 2023. Along with the data on law enforcement and government requests, the report on user requests for the provision or removal of stored information has been published.
The measures introduced as part of the GTI constitute a comprehensive framework that can help external parties assess the security and trustworthiness of our cybersecurity products. Additionally, these measures constitute an industry best practice in increasing resilience against digital risks.
