Original Post from InfoSecurity Magazine
Zoom Brings Renowned Crypto and Bug Bounty Experts on Board
Zoom is racing ahead with efforts to improve the security of its platform, announcing Luta Security as a new partner to help rebuild its bug bounty program.
The video conferencing app has come under fire over recent weeks, as a sudden surge in users exposed security and privacy issues across the platform.
Reports suggest vulnerabilities in the platform were recently put up for sale by hackers, with one going for as much as $500,000. Zoom would rather have white hat researchers discover and disclose those to it directly for a fee, hence its desire to work with Luta Security.
In fact, Luta Security was engaged by Zoom last year, and is now asking for feedback on Zoom’s bug bounty program as it sets about re-architecting it, according to founder Katie Moussouris.
“No company can bug bounty their way to being secure, and we at Luta Security emphasize building strong internal engineering to reduce the number and severity of vulnerabilities BEFORE software is released, as well as being capable of fixing bugs efficiently when they slip through secure development practices,” she explained.
“We were wrapping up a full internal vulnerability coordination and management maturity assessment against ISO 30111 with Zoom when the pandemic hit.”
Moussouris also revealed that several other big industry names are set to join the push to make Zoom more secure. They include Johns Hopkins cryptography expert Matthew Green, former Google privacy technology lead Lea Kissner, and cybersecurity consultancy NCC Group.
They will join former Yahoo and Facebook CSO Alex Stamos, who was announced as joining the initiative last week.
According to CEO Eric Yuan, Zoom saw its volume of daily meeting participants soar from 10 million in December to around 200 million by March as the Covid-19 pandemic forced government lockdowns and home working across the globe.