Zoom achieves new global security standards for core products with ISMAP registration
Zoom is now registered with the Information system Security Management and Assessment Program (ISMAP). Find out what this means for our customers.
Updated on April 18, 2023
Published on April 05, 2022
Safe and secure virtual communication is a top priority at Zoom. The confidentiality and integrity of messages and meetings, as well as the availability and reliability of our global infrastructure, are the primary focuses for hundreds of our internal security engineers.
To stay ahead of threats to our users and infrastructure, we know it’s critical to build robust defenses. That’s why we continuously test our platform and infrastructure to identify vulnerabilities along with emerging and potential threats.
While Zoom tests our solutions and infrastructure every day, we know it's important to augment this testing by tapping the ethical hacker community to help identify edge-case vulnerabilities that may only be detectable under certain use cases and circumstances.
That is why Zoom has invested in a skilled, global team of security researchers via a private bug bounty program on HackerOne’s platform, which is the industry's leading provider for recruiting and engaging with security-focused professionals. Private bug bounty programs are invitation-only, which allows companies to hand-pick security researchers based on their previous work. HackerOne calculates statistics for each researcher based on their signal-to-noise ratio, impact on the programs they have contributed to, and reputation, all of which help measure how relevant and actionable their findings will be.
Zoom has recruited over 800 security researchers on the HackerOne platform. Their collective work has resulted in the submission of numerous bug reports, and awards of over $2.4 million in bounty payments, swag, and gifts since the program was introduced. In 2021 alone, Zoom awarded over $1.8 million across 401 reports. We would like to thank everyone who has responsibly disclosed bugs to Zoom, and most especially the following researchers who have made our “Top 10” list:
This past year, our Vulnerability Management and Bug Bounty (VMBB) team focused on navigating a competitive recruitment landscape and attracting more “rock star” security researchers to join our program by providing them with an excellent experience.
To attract top talent, we established the following five principles to help guide and improve our program:
To support existing researchers and attract new blood, Zoom also implemented several key updates to our bug bounty program in 2021. These included:
We’ve learned and grown so much in 2021, and we’re excited to expand these efforts and work with more ethical hackers in 2022. If you’re interested in helping to make Zoom more secure, email your HackerOne profile name to firstname.lastname@example.org or visit the Zoom careers page to review the open positions within the Trust and Security teams. Happy hacking!
To learn more about Zoom privacy and security, explore our Trust Center.