scorecardZoom's CEO apologizes for its many security issues as daily users balloon to 200 million
  1. Home
  2. slideshows
  3. miscellaneous
  4. Zoom's CEO apologizes for its many security issues as daily users balloon to 200 million

Zoom's CEO apologizes for its many security issues as daily users balloon to 200 million

1. Yuan will host a weekly webinar with security updates

Zoom's CEO apologizes for its many security issues as daily users balloon to 200 million

2. A total feature freeze

2. A total feature freeze

Yuan said effective immediately the company won't release any new features, instead focusing on shoring up its existing technology, and "focusing on shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues."

3. Zoom is bringing in outside experts to review its security

3. Zoom is bringing in outside experts to review its security

Yuan said Zoom will be conducting a comprehensive of its security using third-party experts and "representative users."

4. It will prepare and release a transparency report

4. It will prepare and release a transparency report

Yuan gave no indication of when the transparency report will be out, and the only detail he gave was that it would contain "information related to requests for data, records, or content."

One worry about Zoom's current setup is that it technically could access people's call footage, and could potentially hand that over to law enforcement because the footage is not end-to-end encrypted. Zoom has said it doesn't access people's call data.

5. Zoom is beefing up its bug bounty program

5. Zoom is beefing up its bug bounty program

Many big tech companies offer bug bounty programs, which encourage ethical hackers to find chinks in the company's security in return for cash.

Yuan did not say how much money Zoom is going to funnel into its bug bounty program.

Last year Zoom's approach to bug bounties came under scrutiny after a researcher found a serious bug which meant malicious websites could remotely switch on the webcams on Mac computers. The researcher turned down Zoom's offer of a bug bounty payout because the company demanded he sign a non-disclosure agreement, which would have stopped him disclosing the bug more widely.

6. The firm will set up a council for chief information security officers

6. The firm will set up a council for chief information security officers

A chief information security officer (CISO) oversees cybersecurity within a company. Yuan said he will set up a council with "leading CISOs from across the industry" to discuss security and privacy best practices.

7. Internal penetration tests

7. Internal penetration tests

White-box penetration testing means looking for security flaws from within an organization, with an intimate knowledge of its infrastructure, as opposed to black-box penetration where you start looking for weaknesses with no or little prior knowledge.

Advertisement