Kaspersky offered third-party review of code before ban from US markets

Following the US ban on Kaspersky products and subsequent updates to its software, the Moscow-based antivirus company has revealed it had offered a third-party review into its code in an effort to convince the country’s government to allow it to continue operating in US markets.

The company proposed a “comprehensive assessment framework” to show the Kremlin does not have access to its software.

However the proposal was rejected by the US, Kaspersky says (via TheRegister).

US remains unconvinced

Kaspersky has not been dismayed by the rejection, and hopes to continue its push to prove it is not a national security concern and re-enter the US markets that accounted for just under 10% of its global revenue in 2023.

A blog post shared by CEO Eugene Kaspersky looked to reassure US that its proposed assessment framework “can address most ICT supply chain risks relating to product development and distribution in an effective and verifiable manner.”

“These are in fact the mitigation measures we’ve submitted in a proposal for discussion to the US Department of Commerce – once again confirming our openness to dialogue and determination to provide the ultimate level of security assurances,” the statement continued, before concluding with, “However, our proposal was simply ignored.”

The assessment criteria proposed by Kaspersky would examine local data processing, and ensure that data processed in the US would remain in the US to reassure authorities that the Kremlin would not be able to get its hands on it.

The criteria would also ensure that data processed by Kaspersky would not include any personal information of its customers. Kaspersky’s threat database would also be under scrutiny to ensure that the updates it pushes for its software do not include anything suspicious. All three of these processes would be overseen by an independent third party.

Speaking on the proposed framework, Kaspersky VP of Public Affairs Yuliya Shlychkova said, “It’s important that it’s a two-way stream. One way is what data is being sent to Kaspersky solutions, and another stream is what data is being pushed from Kaspersky solutions towards users, and both streams are being checked by the third-party reviewers.”

In an effort to underline its commitment to remaining a neutral party despite recently increased tensions between the US and Russia, Kaspersky has also offered the same framework to the EU as a show of good faith.