Monday, April 29, 2024

Global Transparency Initiative update, April 2024 | Kaspersky official blog

Evidence-based approach toward IT product security assessment is a powerful tool that allows to evaluate the trustworthiness of solutions. That is why since year 2018 we continue to expand our Global Transparency Initiative all over the world. Just at the end of April we opened our twelfth Transparency Center in Istanbul, Turkey, where our partners and customers, as well as cybersecurity regulators can learn more about our solutions, review the source code of our on-premise products, software updates, and threat detection rules. Additionally, visitors can check the results of independent audits of our products and get access to the list of software components — Software Bill of Materials (SBOM).

Also, while opening a new Transparency Center we signed a Memorandum of Understanding (MoU) between Kaspersky and Boğaziçi University, a prominent public university in Istanbul. It was signed by Kaspersky CEO Eugene Kaspersky and Boğaziçi University Rector Prof. Dr. Mehmet Naci İnci, and its main aim is to establish a framework for mutual technological cooperation in future academic programs.

As a main part of the MoU, Kaspersky and Boğaziçi University will launch a Transparency Lab, which will focus on educating students on methodologies and techniques for evaluating the quality and trustworthiness of solutions within the supply chain in line with the company’s Cyber Capacity Building Program, which is one of the GTI pillars. The Transparency Lab will provide practical educational seminars, offered in both onsite and online format by Kaspersky.

2023 GTI Milestones

More than a year has passed since our previous Global Transparency Initiative update on Kaspersky Daily blog. So we decided to highlight GTI milestones of the year 2023 in this post.

Two new transparency centers – one in Africa and one in the Middle East

In 2023, we opened two new Transparency Centers. First was opened in Riyadh, capital of Saudi Arabia, and second in Kigali, capital of Rwanda. Both Transparency Centers became first in their regions (Middle East and Africa respectively).

Proposing ethical principles for artificial intelligence development and use in cybersecurity

In order to apply AI in cybersecurity without negative consequences, we proposed that the industry adopt a set of AI ethical principles. In short here they are:

  • Transparency (users have the right to know if a security provider uses AI systems, how these systems make decisions and for what purposes)
  • Safety (AI developers must prioritize resilience and security)
  • Human control (results and performance of machine learning systems should be constantly monitored by experts)
  • Privacy (developers must employ measures to uphold the rights of individuals to privacy)
  • Developed for cybersecurity (AI in information security must be used solely for defensive purposes)
  • Open for dialogue (the obstacles associated with the adoption and use of AI for security can be overcome only through cooperation of the cybersecurity industry).

Here you can learn more about our principles of ethical use of AI in cybersecurity.

Passing the SOC 2 Type 2 audit

In June 2023, we passed the Service Organization Control for Service Organizations (SOC 2) audit that analyzed the company’s controls over a six-month period. The audit was carried out by a team of accountants from an independent service auditor. As a result of the audit, it was concluded that Kaspersky’s internal controls to ensure regular automated antivirus database updates are effective, while the processes for developing and implementing antivirus databases are protected from tampering.

Releasing regular transparency reports

Every six months we released a regular report on requests from governments and law enforcement agencies that we received. The latest report detailed requests for the second half of year 2023. During this period there were 63 requests from governments and agencies based in five countries. More than one third of the requests was rejected due to an absence of data or because they didn’t meet legal verification requirements. We also shared a short report on requests from our users for removal of personal information, provision of stored information as well as requests to find out what information is stored and where.


To learn more about Global Transparency Initiative or request visiting Transparency Center, please check our new interactive website about the project, which showcases how the GTI developed since its inception.

from Kaspersky official blog

No comments:

Post a Comment