Zoom continues its catch-up security sprint with new training, bug bounty tweaks and promise of crypto playbook

Sigh. How many users did it have before it started this stuff?


Zoom has outlined more about its efforts to improve its security.

For starters, secure coding environment provider Secure Code Warrior (motto: Secure your code, from the start) has announced it's been hired to implement its wares at the video chat company.

You may recall that Zoom’s end-to-end encryption was found not to be end-to-end and not to use very strong encryption. A fix is not in sight as the company has also announced that it will publish a “detailed draft cryptographic design for our end-to-end encryption offering” on Friday May 22nd. Which is the Friday before a long weekend in the USA and UK, timing that could backfire with plenty of techies in lockdown but which also looks like take-out-the-trash time.

Lastly the company has blogged that it is “soliciting feedback” on tweaks to its bug bounty program.

Not all of Zoom’s security improvements remain on its to-do list: the company has released a new version 5.0 client that added AES 256-bit GCM encryption. Come May 30th only Zoom 5.0 clients will be able to join meetings, so that’s a nice improvement.

All of which is grand until one remembers that Zoom had around ten million daily meeting participants in late 2019, before the COVID-19 pandemic spiked numbers to around 200 million a day in March and around 300 million a day by April. And all those meetings took place without the security improvements mentioned above. ®

