Zoom’s Bug Bounty program helps protect customers

Zoom’s Bug Bounty program helps protect customers

The ethical hacker community can sometimes detect bugs that may only be discovered in certain circumstances. That’s why the bug bounty program focuses on recruiting skilled, effective researchers.

FPJ Web DeskUpdated: Thursday, March 23, 2023, 05:11 PM IST
article-image
Zoom’s Bug Bounty program helps protect customers | Zoom- Brent Andeck Photography LLC

Zoom has released the FY23 results of the company’s Bug Bounty Program. In an effort to protect customers by quickly identifying bugs, the invitation-only program helps Zoom connect and engage with researchers who help identify risks. In 2022, Zoom invited researchers to join their HackerOne program and welcomed more members into the Bug Bounty Program.

2022 in retrospect

The ethical hacker community can sometimes detect bugs that may only be discovered in certain circumstances. That’s why the bug bounty program focuses on recruiting skilled, effective researchers. In 2022, the company sent additional invitations to researchers to join our HackerOne program with a focus on attracting active security talent. The company also likes to go beyond the program to find talent, so it tapped into the community via industry events like H1-702.

To celebrate successful report submissions and the hard work researchers conduct on behalf of Zoom, the company awarded $3.9M in bounties to hundreds of researchers in 2022, and over $7M to date since the program began.

Beyond identifying vulnerabilities, outside researchers’ support has helped the program make other forms of progress at Zoom. The reports demonstrate items that need attention, flag root-level causes for issues, create better cross-functional alignment, and find potential threats before they become a problem. As a result, the time to resolution for bug bounty reports has significantly improved over the past two years.

Updating our program for 2023 and beyond

Looking ahead to 2023 and beyond, Zoom is evolving the program to add a scoring system called the Vulnerability Impact Scoring System (VISS), which will be used alongside the industry-standard Common Vulnerability Scoring System (CVSS). VISS analyzes thirteen different aspects of impact for each vulnerability reported as they relate to Zoom infrastructure, technology, and security of customer data, seeking to focus more on measurability responsibly demonstrated impact, rather than the theoretical possibility of exploitation.

RECENT STORIES

'SS Leadership Must Resign': Elon Musk Attacks US Secret Service Over Donald Trump Firing, Calls...

'SS Leadership Must Resign': Elon Musk Attacks US Secret Service Over Donald Trump Firing, Calls...

'Saving To Sleep': Study Suggests Correlation Between Saving Money And Improved Slumber

'Saving To Sleep': Study Suggests Correlation Between Saving Money And Improved Slumber

Trump Shooting: After Elon Musk, Apple's Tim Cook Reacts To Violence Against Former President

Trump Shooting: After Elon Musk, Apple's Tim Cook Reacts To Violence Against Former President

Trump Shooting: Google Chief Sundar Pichai Reacts To Incident; Says, 'Political Violence Is...

Trump Shooting: Google Chief Sundar Pichai Reacts To Incident; Says, 'Political Violence Is...

Elon Musk Reacts To Trump Shooting; Says He Endorses Former President And Hopes For His Rapid...

Elon Musk Reacts To Trump Shooting; Says He Endorses Former President And Hopes For His Rapid...