Videoconferencing giant Zoom, which has been the subject of public scrutiny of late due to privacy and security issues with the platform, provide an update Wednesday on its plan to address those concerns.
According to CEO Eric Yuan’s blog post, the company has officially formed a CISO Council and Advisory Board that includes security leaders from across industries. The company has also hired an outside advisor to assist in a review of the company’s security review.
This comes after Yuan wrote in an April 1 blog that the company would be freezing new features for 90 days and focus on security and privacy issues with the platform.
Those issues include unauthorized meeting participants joining Zoom calls, data sharing practices and others.
According to Yuan, the council includes CISOs from HSBC, NTT Data, Procore, Ellie Mae and others. The advisory board includes security experts from VMWare, Netflix, Uber, Electronic Arts and others.
Within our CISO Council, we are establishing an Advisory Board that will include a subset of CISOs who will act as advisors to me personally. This group will enable me to be a more effective and thoughtful leader and will help ensure that privacy and security are at the forefront of everything we do at Zoom.
Zoom also hired an outside advisor, Alex Stamos, the former chief security officer at Facebook. Stamos is also an adjunct professor at Sanford’s Freeman-Spogli Institute and a visiting scholar at the Hoover Institution.
Stamos’ credentials also include contributing to Harvard’s Defending Digital Democracy Project, advising Stanford’s Cybersecurity Policy Program and UC Berkeley’s Center for Long-Term Cybersecurity and several other security boards and councils.
Last week, Stamos posted a series of tweets about Zoom’s security and transparency issues, calling the company to demonstrate more transparency, including a freeze on new features.
This week is going to be a critical one for Zoom and $ZM shareholders.
This is going to get worse, as the entire infosec world descends on a spectacularly complicated product with lots of attack surface and some sketchy design trade-offs. An opportunity for a trust turn-around. https://t.co/jjcJS6eWrD
— Alex Stamos (@alexstamos) April 1, 2020
In a Wednesday blog, Stamos elaborated on his decision to consult the company, which began after Yuan reached out to him regarding his tweets.
Zoom has some important work to do in core application security, cryptographic design and infrastructure security, and I’m looking forward to working with Zoom’s engineering teams on those projects.