Express Computer
Home  »  News  »  Protecting Zoom and our customers: a look at our Bug Bounty program’s success in 2022  

Protecting Zoom and our customers: a look at our Bug Bounty program’s success in 2022  

0 52

In security, it’s all about who gets there first. We race to identify bugs and issues before the bad guys do, so we tap the ethical hacking community to help us get ahead.

We source this help through our  Zoom Bug Bounty program, which lets us connect with and engage expert researchers that help us proactively mitigate risk and create a safer environment for our customers. And we’ve accomplished a lot as a community in the past year. Here’s a look:

2022 in retrospect 
We test our infrastructure every day at Zoom, but we know we’re not immune to edge-case vulnerabilities. So, we call in backup — the ethical hacker community can sometimes detect bugs that may only be discovered in certain circumstances.

That’s why our bug bounty program focuses on recruiting skilled, effective researchers. In 2022, we sent additional invitations to researchers to join our  HackerOne program with a focus on attracting active security talent. We also like to go beyond our program to find talent, so we tapped into the community via industry events like  H1-702.

These researchers work hard to help us, so we strive to celebrate successful report submissions accordingly. In the fiscal year 2023, we awarded $3.9 million in bounties to hundreds of researchers and over $7 million to date since the program began.

Beyond identifying vulnerabilities, outside researchers’ support has helped us make other forms of progress at Zoom. We used these reports to demonstrate items that needed attention, flag root-level causes for issues, create better cross-functional alignment, and find potential threats before they become a problem. As a result, our time to resolution for bug bounty reports has significantly improved over the past two years.

Updating our program for 2023 and beyond 
At the start of this year, we restructured our team and developed updates for the program for FY24. We evaluated the researchers currently in our program to make sure everyone is active and contributing. We want to put the right foot forward in the new year, and that all starts by working with high-caliber, effective researchers.

Zoom’s Bug Bounty program is also implementing a brand new vulnerability impact scoring system to help researchers do their best work yet. While we will continue to use the industry standard Common Vulnerability Scoring System (CVSS) to score reports, we’re evolving our program to add a companion scoring system called the Vulnerability Impact Scoring System (VISS) that analyzes 13 different aspects of impact for each vulnerability reported as they relate to the Zoom infrastructure, technology, and security of customer data. With the implementation of VISS, Bug Bounty can focus more on measuring responsibly demonstrated impact, rather than the theoretical possibility of exploitation.

The road ahead 
As the Zoom Bug Bounty program has grown over the past year, we’re continuing to evolve and mature our processes, bounty awards, and testing scope. We’re very excited to see the impact of our new scoring system and all the good our researchers can do in 2023.

If you’re interested in helping to make Zoom more secure, email your HackerOne profile name to  [email protected]  or visit the  Zoom careers page to review the open positions within the Trust and Security teams. Happy hacking!

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image