Zoom achieves new global security standards for core products with ISMAP registration
Zoom is now registered with the Information system Security Management and Assessment Program (ISMAP). Find out what this means for our customers.
Updated on September 14, 2022
Published on September 07, 2022
We all get by with a little help from our friends, and security professionals are no exception. As we race to keep ahead of cybercriminals, we tap the hacking community to assist our internal Zoom team with catching bugs and identifying issues before the bad guys do — a widespread industry best practice.
To source this help, we built the ongoing Zoom Bug Bounty program and participate in relevant hacking events to enlist a talented pool of ethical hackers to help us strengthen the security of the Zoom platform. This year, we sponsored one of the days (August 4th) of HackerOne’s H1-702 event in Las Vegas. The contest featured Zoom as one of the two technology providers that participated in these live sessions.
Zoom and another organization sponsored the in-person live hacking event, which was connected to the companies’ respective bug bounty programs. More than 100 security professionals (around 70 in-person and 40 virtual) from 29 countries hacked the Zoom web and desktop client, APIs, Zoom’s Marketplace apps, and any of the binaries that Zoom distributes. The following individual awards were distributed as part of the event:
Zoom paid roughly $480,000 in bounties at the event — a reflection of the importance of this industry best practice and our investment in security.
We knew H1-702 could help us connect with the broader hacking community in more ways than one. During the event’s H@cktivityCon, I hosted the session, “Submitting High-Quality Bug Bounty Reports - Tips From Behind the Curtain,” to educate attendees on what exactly we look for in vulnerability report submissions to the Zoom Bug Bounty program.
We know we’re better when we’re together, which is why we want to continue using events like H1-702 in addition to the Zoom Bug Bounty program to improve the way we address vulnerabilities. By engaging a diverse group of hackers through these initiatives, we strive to proactively mitigate risk and create a safer environment for customers.
To learn more about the Zoom Bug Bounty program, check out our Vulnerability Disclosure Policy.