An evidence-based approach to IT products’ security assessments is a powerful tool permitting accurate evaluations of those products’ trustworthiness. That’s why we’ve been continuing to expand our Global Transparency Initiative all over the world since its inception in 2018. On April 30we opened our 12th Transparency Center – this time in Istanbul, Turkey, where our partners and clients, and also cybersecurity regulators can learn more about our solutions, and review the source code of our products, software updates, and threat detection rules. Additionally, visitors can check the results of independent audits of our products and get access to the list of software components — the software bill of materials (SBOM).
Also, while opening the new Transparency Center we signed MoU between Kaspersky and Boğaziçi University, a prominent public university in Istanbul. It was signed by Kaspersky CEO Eugene Kaspersky and Boğaziçi University Rector Prof. Dr. Mehmet Naci İnci, and its main aim is to establish a framework for mutual technological cooperation in future academic programs.
As a main part of the MoU, Kaspersky and Boğaziçi University will launch a Transparency Lab, which will focus on educating students on methodologies and techniques for evaluating the quality and trustworthiness of solutions within the supply chain in line with the company’s Cyber Capacity Building Program, which is one of the GTI pillars. The Transparency Lab will provide practical educational seminars offered both on-site and in online format by Kaspersky.
2023 GTI Milestones
More than a year has passed since our previous Global Transparency Initiative update on our Kaspersky Daily blog. We therefore decided to highlight the GTI milestones of the year 2023 in this post.
Two new transparency centers – one in Africa and one in the Middle East
In 2023, we opened two new Transparency Centers. The first was opened in Riyadh, the capital of Saudi Arabia, and the second – in Kigali, the capital of Rwanda. Both Transparency Centers are firsts in their regions (the Middle East and Africa, respectively).
Proposing ethical principles for artificial intelligence development and use in cybersecurity
In order to apply AI in cybersecurity without negative consequences, we proposed that the industry adopt a set of AI ethical principles. Briefly, here they are:
- Transparency (users have the right to know if a security provider uses AI systems and, if so, how these systems make decisions and for what purposes)
- Safety (AI developers need to prioritize resilience and security)
- Human control (results and performance of machine learning systems should be constantly monitored by experts)
- Privacy (developers need to employ measures to uphold the rights of individuals to privacy)
- Developed for cybersecurity (AI in information security must be used solely for defensive purposes)
- Open for dialogue (the obstacles associated with the adoption and use of AI for security can be overcome only through the cooperation of all stakeholders and the cybersecurity industry).
Here you can learn more about our principles of ethical use of AI in cybersecurity.
Passing the SOC 2 Type 2 audit
In June 2023, we passed a Service Organization Control for Service Organizations (SOC 2) audit, which analyzed the company’s internal operating controls over a six-month period. The audit was carried out by a team of accountants from an independent service auditor. As a result of the audit, it was concluded that Kaspersky’s internal controls for ensuring regular automated antivirus-database updates are effective, while the processes for developing and implementing antivirus databases are protected from tampering.
Releasing regular transparency reports
Every six months, we release a regular report on requests from governments and law enforcement agencies that we receive. The latest report detailed requests for the second half of year 2023. During this period there were 63 requests from governments and agencies based in five countries. More than a third of the requests were rejected due to an absence of data or because they did not meet legal verification requirements. We also shared a short report on requests from our users for removal of personal information, provision of stored information, as well as requests to find out what information is stored and where.
To learn more about our Global Transparency Initiative, or to request a visit to a Transparency Center, please check our new interactive website for the project, which showcases how the GTI has developed since it was established.