We all get by with a little help from our friends, and security professionals are no exception. As we race to keep ahead of cybercriminals, we tap the hacking community to assist our internal Zoom team with catching bugs and identifying issues before the bad guys do — a widespread industry best practice.
To source this help, we built the ongoing Zoom Bug Bounty program and participate in relevant hacking events to enlist a talented pool of ethical hackers to help us strengthen the security of the Zoom platform. This year, we sponsored one of the days (August 4th) of HackerOne’s H1-702 event in Las Vegas. The contest featured Zoom as one of the two technology providers that participated in these live sessions.
Bring on the (ethical) hacking
Zoom and another organization sponsored the in-person live hacking event, which was connected to the companies’ respective bug bounty programs. More than 100 security professionals (around 70 in-person and 40 virtual) from 29 countries hacked the Zoom web and desktop client, APIs, Zoom’s Marketplace apps, and any of the binaries that Zoom distributes. The following individual awards were distributed as part of the event:
1st Place: todayisnew
2nd Place: f6x
Best Team Collaborator: todayisnew
Exterminator: rijalrojan
Vigilante (Most Valuable Hacker): try_to_hack
Zoom paid roughly $480,000 in bounties at the event — a reflection of the importance of this industry best practice and our investment in security.
Chatting with the community
We knew H1-702 could help us connect with the broader hacking community in more ways than one. During the event’s H@cktivityCon, I hosted the session, “Submitting High-Quality Bug Bounty Reports – Tips From Behind the Curtain,” to educate attendees on what exactly we look for in vulnerability report submissions to the Zoom Bug Bounty program.
Strength in numbers
We know we’re better when we’re together, which is why we want to continue using events like H1-702 in addition to the Zoom Bug Bounty program to improve the way we address vulnerabilities. By engaging a diverse group of hackers through these initiatives, we strive to proactively mitigate risk and create a safer environment for customers.
To learn more about the Zoom Bug Bounty program, check out our Vulnerability Disclosure Policy.
By: Roy Davis
Title: Helpful Hacking: Zoom Sponsors HackerOne’s H1-702 Event
Sourced From: blog.zoom.us/zoom-sponsors-hackerone-h1-702-event/
Published Date: Wed, 07 Sep 2022 17:00:00 +0000