EXECUTIVE SUMMARY:
Last week, the popular video conferencing platform Zoom announced a revamped bug bounty program, a system that rewards users and security researchers for finding and reporting code-based security loopholes.
Previously, Dropbox had privately sponsored bug bounty hunts to identify Zoom’s security flaws, and those of a handful of other companies. In addition, over the past two years, Dropbox engineers made semi-regular security reports to Zoom, encouraging the video conferencing platform to patch certain bugs and to introduce new security measures, including a virtual waiting room.
“[We appreciate] the researchers and industry partners who have helped -and continue to help- us identify issues as we continuously seek to strengthen our platform,” the company said in a statement.
Despite criticism over its security in recent weeks, Zoom’s newly hired security adviser and former CISO of Facebook, Alex Stamos, stated, “I don’t think a lot of these things were predictable,” referring to the coronavirus, the subsequent increase in demand for the service, and how the security flaws have played out.
Zoom has a new 90-day plan that outlines the company’s fresh approach to security and user privacy. Progress against the plan is discussed in the company’s weekly blog posts.
Recent highlights include:
- Making the Waiting Room feature a default setting within the free Basic version and single licensed Pro accounts
- Making passwords a default element of free Basic versions and single licensed Pro accounts
- Including alphanumeric characters in passwords for Basic user profiles
And eleven other steps towards stronger security. For more information on what’s been happening with Zoom, visit this Cyber Talk article.