Zoom’s Bug Bounty program helps protect customers

The ethical hacker community can sometimes detect bugs that may only be discovered in certain circumstances. That’s why the bug bounty program focuses on recruiting skilled, effective researchers.

FPJ Web Desk | Updated: Thursday, March 23, 2023, 05:11 PM IST
Zoom’s Bug Bounty program helps protect customers | Zoom- Brent Andeck Photography LLC

Zoom has released the FY23 results of the company’s Bug Bounty Program. In an effort to protect customers by quickly identifying bugs, the invitation-only program helps Zoom connect and engage with researchers who help identify risks. In 2022, Zoom invited researchers to join their HackerOne program and welcomed more members into the Bug Bounty Program.

2022 in retrospect

The ethical hacker community can sometimes detect bugs that may only be discovered in certain circumstances. That’s why the bug bounty program focuses on recruiting skilled, effective researchers. In 2022, the company sent additional invitations to researchers to join its HackerOne program with a focus on attracting active security talent. The company also likes to go beyond the program to find talent, so it tapped into the community via industry events like H1-702.

To celebrate successful report submissions and the hard work researchers conduct on behalf of Zoom, the company awarded $3.9M in bounties to hundreds of researchers in 2022, and over $7M to date since the program began.

Beyond identifying vulnerabilities, outside researchers’ support has helped the program make other forms of progress at Zoom. The reports demonstrate items that need attention, flag root-level causes for issues, create better cross-functional alignment, and find potential threats before they become a problem. As a result, the time to resolution for bug bounty reports has significantly improved over the past two years.

Updating our program for 2023 and beyond

Looking ahead to 2023 and beyond, Zoom is evolving the program to add a scoring system called the Vulnerability Impact Scoring System (VISS), which will be used alongside the industry-standard Common Vulnerability Scoring System (CVSS). VISS analyzes thirteen different aspects of impact for each reported vulnerability as they relate to Zoom infrastructure, technology, and security of customer data, seeking to focus more on measurable, responsibly demonstrated impact than on the theoretical possibility of exploitation.
