Security & Privacy Government

Zoom Collaborates with MITRE on Source Code Review

In 2021, the MITRE Engenuity team reviewed Zoom’s core source code, which includes our Zoom for Government offering.
2 min read

Updated on June 23, 2022

Published on June 15, 2022

Code
In this blog
Matt Mandrgoc
Matt Mandrgoc
Head of U.S. Public Sector

To address complex threats in today’s cybersecurity landscape, we’ve taken a comprehensive approach to securing the Zoom platform. This includes staffing up our offensive and defensive security teams and building out robust education and training resources on our Trust Center and Learning Center.

To complement those efforts, Zoom recently partnered with MITRE Engenuity, MITRE’s tech foundation for public good, to better understand the most common and critical weaknesses that affect online video collaboration tools. As a part of this research, the Engenuity team in 2021 reviewed Zoom’s core source code, which includes our Zoom for Government offering.

A few key aspects of the review process included:

  • A dedicated research environment for MITRE Engenuity team members to protect the confidentiality of our source code while under review.
  • Continuous support from our internal security and engineering teams to MITRE Engenuity throughout the process to help streamline the review.
  • Static analysis and manual inspection of source code in an attempt to find weaknesses or bugs.

As a byproduct of this partnership, Zoom was able to strengthen its security posture and correct a number of weaknesses that had been previously unknown.

If proper testing is not conducted (e.g., automated static code analysis and manual code inspection), then a variety of software weakness types will persist past development and exist within a given video collaboration tool’s codebase. 

Zoom proactively focused on their security and engaged with a neutral collaborator in the cybersecurity industry such as MITRE Engenuity; this is something we recommend for others to pursue.

Drew Buttner, Principal Cybersecurity Engineer, MITRE Engenuity

MITRE Engenuity’s research is in the public interest and does not qualify as an endorsement of any third-party technology.

Learn more

At Zoom, we’re always focused on new ways to raise the bar for our platform’s security and the Zoom experience as a whole.

To learn more about Zoom privacy and security, explore our Trust Center.

You might also like

Related Resources

Our customers love us

Okta
Nasdaq
Rakuten
Logitech
Western Union
Autodesk
Dropbox
Okta
Nasdaq
Rakuten
Logitech
Western Union
Autodesk
Dropbox

Zoom - One Platform to Connect

Request a Demo
Buy now