Zoom Strengthens Bug Bounty Program–Collaborate With Security Experts

Video conferencing app Zoom announced on April 15th that it would renew its bug bounty program as part of its long-term plan to improve service security.


By: Zoom, ZDNet

The company has announced that it will work with Luta Security, which specializes in sustainable vulnerability disclosure and bug bounty programs.

Luta Securit is led by Katie Moussouris, the founder and experienced in cybersecurity. Moussouris is best known for launching bug bounty programs for Microsoft, Symantec, and the US Department of Defense.

Until now, Zoom hasHackerOneI was running a bug bounty program on the platform.

▽ The renewal of Zoom's existing program is left to the discretion of Luta Security. Moussouris said he has received widespread input from the entire cybersecurity community on how to improve Zoom's vulnerability disclosure process.

"Everything from non-disclosure agreements, bounties, submission forms to interaction with bug bounty triage vendors who manage Zoom bounty bug bounties," Moussouris said.

ZOOM hires former Facebook Chief Security Officer (CSO) Alex Stamos as a security advisor prior to hiring Mr. Moussouris, who has gained a lot of attention in the cyber security industry.Welcoming. In a blog post on April 8th, Stamos said in a series of tweets about the security challenges Zoom is facing and how to address them, and in a statement that defends the company, Zoom founder and CEO Said he was invited by CEO Eric Yuan.

Mouseursis tweeted that Zoom may have more prominent experts in the future. Privacy expert Lea Kissner, the global head of privacy technology at Google, and crypto-knowledge professor Johns Hopkins University professor Matthew Green, as well as well-known security consulting firms Bishop Fox, NCC Group, and Trail of Bits. Are listed.

Recruiting these new personnel is part of efforts to improve the security attitude of Zoom service.

Due to the pandemic of the new coronavirus, the number of Zoom service users will increase from 10 million in December 2019 to over 200 million todaySudden increasedid. This sudden rise in popularity has helped Zoom from cybersecurity researchers, privacy experts, hackers, and more.Severe eyesIs being directed.

Experts discovered a security vulnerability in the code of the application, privacy problems in the management of user data, problems with the custom encryption scheme of the application, etc.

Fear that such a series of criticisms will damage the growing reputation of the company, Eric Yuan said on April 1,Plan to freeze all development of new functions and focus on strengthening securityToAnnounced.

ZOOM has patched multiple security issues over the last two weeks, and has held a Zoom conferenceZoom bombThe function to protect from We also hired multiple experts for our long-term cybersecurity strategy.

Yuan will hold weekly on the 15th"Ask Eric Anything" WebinarThen, he summarized the company's efforts so far and introduced some of the security functions that may be provided in the future.

This article is from overseas CBS InteractivearticleIs edited by Asahi Interactive for Japan.

Source link

Show More

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button