Zoom awarded $1.8 million in bug bounty rewards over 2021 | ZDNet

Zoom has awarded $1.8 million to researchers who submitted bug bounty reports over 2021. 

Bug bounty programs, whether private and invite-only or public and open to anyone who wants to submit a vulnerability report, have become a critical method for organizations to improve their security posture.

The industry is beset with talent shortages. Estimates suggest that there will be approximately 3.5 million unfilled job openings by 2025 in the US alone, and until there are more specialists available, companies often can’t just rely on in-house security teams, who have more than enough of a workload. 

This is where bug bounties come in: external researchers and bug hunters can perform tests on software and services, report any severe security issues, and receive credit and/or financial rewards in return. 

The popularity of Zoom’s teleconferencing video software exploded overnight due to COVID-19 and lockdowns, with many of us forced to work from home. However, the rapid increase in users also highlighted security problems that had to be addressed quickly. Hence, a bug bounty program was one of the firm’s initiatives for improving the situation. 

Zoom’s main program is private, but the platform actively recruits security researchers. Over 800 researchers participate in the program, which HackerOne hosts. 

Over 2021, the software vendor paid out over $1.8 million across 401 reports. Since the program’s launch, over $2.4 million has been awarded.


Recent updates to the program include extending the bug bounty reward range on offer, with up to $50,000 per report for the most severe vulnerabilities and $250 for low-hanging fruit. 

The company also launched a public Vulnerability Disclosure Program (VDP) and a VIP bug bounty program for licensed software. 

“While Zoom tests our solutions and infrastructure every day, we know it’s important to augment this testing by tapping the ethical hacker community to help identify edge-case vulnerabilities that may only be detectable under certain use cases and circumstances,” Zoom commented.  
