Zoom has paid $3.9 million to bug bounty hunters in the fiscal year 2023, which means its Bug Bounty program has now surpassed $7 million in awards.
The program, which began in October 2021, calls on the expertise of the ethical hacking community to find vulnerabilities in Zoom’s platform.
To attract professional hackers, Zoom created a private program via the cybersecurity company HackerOne, which Zoom describes as the “industry’s leading provider” for connecting with IT security professionals.
Zoom’s security team is resolving reports at a much quicker rate than it was when it first started.
Zoom has “restructured” its team and developed updates for the fiscal year 2024 program, which may be connected to the 15% of staff laid off from Zoom last month.
Researchers were evaluated based on their level of contributions, which Zoom says will create a more effective task force and put it in a better position going forwards.
Zoom’s Bug Bounty program is updating its vulnerability scoring by adding a companion scoring system, the Vulnerability Impact Scoring System (VISS), to work in conjunction with the industry-standard Common Vulnerability Scoring System (CVSS).
The VISS is expected to improve the quality of submissions by assessing 13 areas of impact across Zoom’s infrastructure, technology, and customer data security.
HackerOne is a cybersecurity company that specializes in attack resistance management through the use of ethical hackers and other techniques.
Last year, Zoom reported that it had recruited over 800 hackers via the HackerOne platform. Private bug bounty programs such as this one are invitation-only, and researchers must meet a list of eligibility criteria in order to take part in the Zoom Bug Bounty program.