What is Transparency Center?
A dedicated facility to review the company's code, software updates, threat detection rules and other technical and business processes.
We provide the security information and infrastructure in the Transparency Center for consultation purposes only.
Any actions to modify the company’s source code, software updates, or threat detection rules are forbidden, and will be prevented by Kaspersky; any abuse will be reported to the local law enforcement agency.
Who can check the source code?
State agencies and regulators responsible for national cybersecurity and the protection of information systems (decreed as such by the respective local legislation);
Enterprise partners and customers of Kaspersky anywhere in the world.
Academia, media and information security community experts are being considered as potential invitees to the Transparency Center in the future.
How to get access?
To request access to the Transparency Center, please contact TransparencyCenter@kaspersky.com
Our Transparency Centers are located in Kuala Lumpur (Malaysia), Madrid (Spain), Rome (Italy), São Paulo (Brazil), Singapore, Tokyo (Japan), Utrecht (the Netherlands), Woburn (the United States), and Zurich (Switzerland).
We provide remote access to our Transparency Centers for the 'blue piste' option for external assessment (please check below).
Kaspersky Transparency Center
Kaspersky's experts will assist and provide any technical consultations on the company's source code and technologies
At the Transparency Center there are three options for independent assessment of Kaspersky products:
‘Blue Piste’ - An overview of (i) Kaspersky’s security and transparency best practices, (ii) its products and services, and (iii) its data center. The company’s security experts will answer any questions regarding the company’s data processing practices and the functioning of Kaspersky’s solutions, together with a live demonstration of a source-code review. This is the best option for getting acquainted with both the company’s engineering practices and unparalleled data protection standards.
‘Red Piste’ - A review of the most critical parts of the source code by a client or regulatory stakeholder, assisted by the company’s experts. This option permits a more targeted, less time-consuming analysis of particular functionality, yet still enables one to become fully assured of the code’s safety.
‘Black piste’ - The deepest and most comprehensive review of the most critical parts of Kaspersky’s source code, assisted by the company’s experts. This option is provided to both regulatory stakeholders and clients who want to conduct a comprehensive code review and get the highest possible assurance of both the quality and security of Kaspersky products. For experts only.
Government regulators and enterprise clients might request to:
Review our secure software development documentation, including threat analysis, secure review, and application security testing processes;
Review the source code of: Kaspersky Internet Security (KIS), our flagship consumer product; Kaspersky Endpoint Security (KES), our flagship enterprise product; and Kaspersky Security Center (KSC), a control console for our enterprise products;
Review all versions of our builds and AV-database updates;
Review types of information which, in general, Kaspersky products send to the our cloud-based Kaspersky Security Network (KSN);
Rebuild the source code to make sure it corresponds to publicly available modules;
Review the results of an external audit of the company’s engineering practices conducted by one of the Big Four accounting firms;
Review the Software Bill of Materials (SBOM) for Kaspersky Internet Security (KIS), our flagship consumer product; Kaspersky Endpoint Security (KES), our flagship enterprise product; and Kaspersky Security Center (KSC), a control console for our enterprise products.
SECURITY OF OUR CUSTOMERS IS A TOP PRIORITY FOR US
We follow the strictest access-policy practices and reserve the right to turn down a request if it could potentially cause a security breach.
Under no circumstances whatsoever will Kaspersky provide intelligence or law enforcement agencies that have a mandate and/or capability for cyber-offensive operations with access to the Transparency Center.