Zoom’s Bug Bounty program helps protect customers

Zoom’s Bug Bounty program helps protect customers

The ethical hacker community can sometimes detect bugs that may only be discovered in certain circumstances. That’s why the bug bounty program focuses on recruiting skilled, effective researchers.

FPJ Web DeskUpdated: Thursday, March 23, 2023, 05:11 PM IST
article-image
Zoom’s Bug Bounty program helps protect customers | Zoom- Brent Andeck Photography LLC

Zoom has released the FY23 results of the company’s Bug Bounty Program. In an effort to protect customers by quickly identifying bugs, the invitation-only program helps Zoom connect and engage with researchers who help identify risks. In 2022, Zoom invited researchers to join their HackerOne program and welcomed more members into the Bug Bounty Program.

2022 in retrospect

The ethical hacker community can sometimes detect bugs that may only be discovered in certain circumstances. That’s why the bug bounty program focuses on recruiting skilled, effective researchers. In 2022, the company sent additional invitations to researchers to join our HackerOne program with a focus on attracting active security talent. The company also likes to go beyond the program to find talent, so it tapped into the community via industry events like H1-702.

To celebrate successful report submissions and the hard work researchers conduct on behalf of Zoom, the company awarded $3.9M in bounties to hundreds of researchers in 2022, and over $7M to date since the program began.

Beyond identifying vulnerabilities, outside researchers’ support has helped the program make other forms of progress at Zoom. The reports demonstrate items that need attention, flag root-level causes for issues, create better cross-functional alignment, and find potential threats before they become a problem. As a result, the time to resolution for bug bounty reports has significantly improved over the past two years.

Updating our program for 2023 and beyond

Looking ahead to 2023 and beyond, Zoom is evolving the program to add a scoring system called the Vulnerability Impact Scoring System (VISS), which will be used alongside the industry-standard Common Vulnerability Scoring System (CVSS). VISS analyzes thirteen different aspects of impact for each vulnerability reported as they relate to Zoom infrastructure, technology, and security of customer data, seeking to focus more on measurability responsibly demonstrated impact, rather than the theoretical possibility of exploitation.

(To receive our E-paper on WhatsApp daily, please click here.  To receive it on Telegram, please click here. We permit sharing of the paper's PDF on WhatsApp and other social media platforms.)

ADVERTISEMENT

RECENT STORIES

Tata Motor (Singapore) To Acquire 25% Stake In Swiss E-Mobility Group

Tata Motor (Singapore) To Acquire 25% Stake In Swiss E-Mobility Group

IndusInd Bank Opens New Branch In Nagpur

IndusInd Bank Opens New Branch In Nagpur

Elon Musk Announces Twitter's Plan To Pay Verified Content Creators for Ads in Replies

Elon Musk Announces Twitter's Plan To Pay Verified Content Creators for Ads in Replies

Trouble managing home loan repayments? These tips will help

Trouble managing home loan repayments? These tips will help

Checklist of elevator essentials for new residential societies

Checklist of elevator essentials for new residential societies