Kaspersky offered external code review before ban from US markets
Following the US ban on Kaspersky products and subsequent software updates, the Moscow-based antivirus company announced that it has offered a third-party review of its code in an attempt to convince the country’s government to allow Kaspersky to remain active in the US market.
The company proposed a “comprehensive assessment framework” to demonstrate that the Kremlin does not have access to its software.
However, the proposal was rejected by the US, Kaspersky said (via The register).
US remains unconvinced
Undaunted by the rejection, Kaspersky hopes to continue its efforts to prove that it is not a national security problem. In 2023, the company hopes to re-enter the U.S. market, which accounted for just under 10% of the company’s global revenue.
A blog post shared by CEO Eugene Kaspersky attempted to convince the US that the proposed assessment framework “can effectively and verifiably address most ICT supply chain risks related to product development and distribution.”
“These are in fact the mitigation measures we submitted in a proposal for discussion at the U.S. Department of Commerce – reaffirming our openness to dialogue and determination to provide the ultimate level of security assurances,” the statement continued, before ending with: “However, our proposal was simply ignored.”
Kaspersky’s proposed assessment criteria would examine local data processing and ensure that data processed in the U.S. remains in the U.S., so authorities would be confident that the Kremlin would not gain access to it.
The criteria would also ensure that the data processed by Kaspersky does not contain any personal information about its customers. Kaspersky’s threat database would also be scrutinized to ensure that the updates it pushes for its software do not contain anything suspicious. All three of these processes would be audited by an independent third party.
Speaking about the proposed framework, Yuliya Shlychkova, VP of Public Affairs at Kaspersky, said: “It’s important that it’s a two-way flow. One side is what data is sent to Kaspersky solutions, and the other flow is what data is pushed from Kaspersky solutions to users, and both flows are checked by external reviewers.”
To emphasise its commitment to remaining a neutral party despite the recent heightened tensions between the US and Russia, Kaspersky has also offered the same framework to the EU as a sign of good faith.