Zoom’s Bug Bounty program helps protect customers
The ethical hacker community can sometimes detect bugs that may only be discovered in certain circumstances. That’s why the bug bounty program focuses on recruiting skilled, effective researchers.
Zoom has released the FY23 results of the company’s Bug Bounty Program. In an effort to protect customers by quickly identifying bugs, the invitation-only program helps Zoom connect and engage with researchers who help identify risks. In 2022, Zoom invited researchers to join their HackerOne program and welcomed more members into the Bug Bounty Program.
2022 in retrospect
The ethical hacker community can sometimes detect bugs that may only be discovered in certain circumstances. That’s why the bug bounty program focuses on recruiting skilled, effective researchers. In 2022, the company sent additional invitations to researchers to join our HackerOne program with a focus on attracting active security talent. The company also likes to go beyond the program to find talent, so it tapped into the community via industry events like H1-702.
To celebrate successful report submissions and the hard work researchers conduct on behalf of Zoom, the company awarded $3.9M in bounties to hundreds of researchers in 2022, and over $7M to date since the program began.
ALSO READ
Beyond identifying vulnerabilities, outside researchers’ support has helped the program make other forms of progress at Zoom. The reports demonstrate items that need attention, flag root-level causes for issues, create better cross-functional alignment, and find potential threats before they become a problem. As a result, the time to resolution for bug bounty reports has significantly improved over the past two years.
Updating our program for 2023 and beyond
Looking ahead to 2023 and beyond, Zoom is evolving the program to add a scoring system called the Vulnerability Impact Scoring System (VISS), which will be used alongside the industry-standard Common Vulnerability Scoring System (CVSS). VISS analyzes thirteen different aspects of impact for each vulnerability reported as they relate to Zoom infrastructure, technology, and security of customer data, seeking to focus more on measurability responsibly demonstrated impact, rather than the theoretical possibility of exploitation.
RECENT STORIES
-
Lok Sabha Elections 2024: Police Complaint Against Congress Candidate Shashi Singh -
Mumbai News: Central Railway Planning To Acquire Three Additional Air Conditioned Rakes As Demand... -
Mumbai: Auto Driver Flashes At Woman In Khar West; Accused Arrested -
Lok Sabha Elections 2024: Bhupesh Baghel, Senior Observer For Rahul’s Constituency -
Lok Sabha Elections 2024: Fate Of 168 Candidates Including BJP, Congress To Be Sealed In EVMs On May...