KASPERSKY TRANSPARENCY CENTER

No other cybersecurity provider has done anything as far reaching as this.
In opening the Center, Kaspersky takes a significant step towards becoming completely transparent about its protection technologies, infrastructure and data processing practices.




Global Transparency Initiative
LEARN MORE ABOUT OUR TRANSPARENCY VISIT TRANSPARENCY CENTER
Transparency Center

What is Transparency Center?

A dedicated facility to review the company's code, software updates, threat detection rules and other technical and business processes.

We provide the security information and infrastructure in the Transparency Center for consultation purposes only.

Any actions to modify the company’s source code, software updates, or threat detection rules are forbidden, and will be prevented by Kaspersky; any abuse will be reported to the local law enforcement agency.

Software Assembler

Who can check the source code?

We welcome:

  • State agencies and regulators responsible for national cybersecurity and the protection of information systems (decreed as such by the respective local legislation);
  • Enterprise partners and customers of Kaspersky anywhere in the world.

Academia, media and information security community experts are being considered as potential invitees to the Transparency Center in the future.

How to get access

How to get access?

To request access to the Transparency Center, please contact [email protected]

Our Transparency Centers are located in Zurich (Switzerland), Madrid (Spain), São Paulo (Brazil), and Kuala Lumpur (Malaysia).

We provide remote access to our Transparency Centers for the 'blue piste' option for external assessment (please check below)

Kaspersky
Transparency Center

We invite government experts and enterprise clients to review the company's source code, software updates, and threat detection rules, and other technical and business processes

Kaspersky's experts will assist and provide any technical consultations on the company's source code and technologies

Conveyor


At the Transparency Center there are three options for independent assessment of Kaspersky products:

Transparency Center

‘Blue Piste’ - An overview of (i) Kaspersky’s security and transparency best practices, (ii) its products and services, and (iii) its data center. The company’s security experts will answer any questions regarding the company’s data processing practices and the functioning of Kaspersky’s solutions, together with a live demonstration of a source-code review. This is the best option for getting acquainted with both the company’s engineering practices and unparalleled data protection standards.

Software Assembler

‘Red Piste’ - A review of the most critical parts of the source code by a client or regulatory stakeholder, assisted by the company’s experts. This option permits a more targeted, less time-consuming analysis of particular functionality, yet still enables one to become fully assured of the code’s safety.

How to get access

‘Black piste’ - The deepest and most comprehensive review of the most critical parts of Kaspersky’s source code, assisted by the company’s experts. This option is provided to both regulatory stakeholders and clients who want to conduct a comprehensive code review and get the highest possible assurance of both the quality and security of Kaspersky products. For experts only.


Government regulators and enterprise clients might request to:

  • Review our secure software development documentation, including threat analysis, secure review, and application security testing processes;
  • Review the source code of: Kaspersky Internet Security (KIS), our flagship consumer product; Kaspersky Endpoint Security (KES), our flagship enterprise product; and Kaspersky Security Center (KSC), a control console for our enterprise products;
  • Review all versions of our builds and AV-database updates;
  • Review types of information which, in general, Kaspersky products send to the our cloud-based Kaspersky Security Network (KSN);
  • Rebuild the source code to make sure it corresponds to publicly available modules;
  • Review the results of an external audit of the company’s engineering practices conducted by one of the Big Four accounting firms;
  • Review the Software Bill of Materials (SBOM) for Kaspersky Internet Security (KIS), our flagship consumer product; Kaspersky Endpoint Security (KES), our flagship enterprise product; and Kaspersky Security Center (KSC), a control console for our enterprise products.

SECURITY OF OUR CUSTOMERS IS A TOP PRIORITY FOR US

We follow the strictest access-policy practices and reserve the right to turn down a request if it could potentially cause a security breach.

Under no circumstances whatsoever will Kaspersky provide intelligence or law enforcement agencies that have a mandate and/or capability for cyber-offensive operations with access to the Transparency Center.