Zoom has officially become a CVE Numbering Authority, meaning the company can assign identification numbers to new vulnerabilities and publish information related to those vulnerabilities.
The company joins the CVE Program, an international community-based effort to identify, define and catalog publicly disclosed cybersecurity vulnerabilities that require third-party notification or coordination to remediate, Zoom said in a blog post.
CVE records are used to help cybersecurity and IT professionals coordinate their efforts and respond to vulnerabilities, and designating each with a number helps ensure that security professionals are discussing the same vulnerability.
Now, Zoom can assign CVE identification numbers to new vulnerabilities and publish related details.
“This is a significant milestone for us as our security program continues to mature here at Zoom,” the company said.
The news comes several weeks after a remote code execution vulnerability in the platform was discovered by security researchers during an event organized by the Zero Day Initiative, according to Malwarebytes.
Security has been a major focus of the company’s ever since the platform became a target of hackers and meeting hijackers due to it’s lack of robust cybersecurity tools.
The company even settled with the U.S. Federal trade Commission over what the agency called “deceptive and unfair” security practices. The settlement called for a comprehensive security program, but the company was already well down that road in response to scrutiny over the platform’s security.
The company froze non-security features for 90 days, hired key cybersecurity personnel and released enhanced meeting security controls.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply