Zoom launches Open-source Vulnerability Impact Scoring System

Zoom, the popular video conferencing platform, has recently announced the launch of its Open-Source Vulnerability Impact Scoring System.
This system is designed to provide a standardized method for evaluating the impact of vulnerabilities discovered in open-source software.
The system's version 1.0 specification has been made available to the public, which will help software developers and security researchers to better identify and prioritize vulnerabilities and take appropriate actions to mitigate them.
Zoom Video Communications, Inc. is a communications technology company headquartered in San Jose, California.
The company offers a cloud-based, peer-to-peer software platform that allows users to make phone calls, hold video conferences, send messages, host virtual events, and operate contact centers.
The platform provides video telephony and online chat services.
The Vulnerability Impact Scoring System has been specifically developed to address the primary effects of software, hardware, and firmware vulnerabilities that are relevant to the connected infrastructure, technology stack, and security of customer information.
The industry-standard Common Vulnerability Scoring System (CVSS) is used when assessing vulnerability reports.
This system takes into account the worst-case scenario and is predominantly evaluated from the attacker's perspective.
This approach helps in determining the potential impact of a vulnerability and assists in prioritizing mitigation efforts.
Each vulnerability in a VISS analysis has thirteen distinct impact characteristics, each of which is divided into impact categories that are particular to the Platform, Infrastructure, and Data.
The VISS computation generates a score between 0 and 100 using the chosen values for each variable.
When a vulnerability is detected in a system, network, environment, or product, the entity responsible for maintaining it typically assigns a VISS score to assess the severity of the vulnerability.
This scoring can be generated internally by the company or by an external third-party team, such as a bug bounty triage team, which evaluates the vulnerability on behalf of the company.
The VISS tool can perform additional analysis beyond the basic vulnerability assessment.
This may include metrics such as a CVSS score, a STRIDE and/or DREAD model, the number of impacted customers, possible financial loss, or the presence of a threat to life or property.
If a company wants to factor in any of these extra variables, VISS allows for the flexibility to develop and add metric alternatives to the VISS calculator.
A score is calculated using a set of equations that consider the weight assigned to each variable and the variables' relation to and impact on each other.
VISS computation includes three additional built-in influencing variables, namely MA, MB, and MC. These variables enable magnitude rebasing in situations where the implementing organization has decided which sections of VISS are more or less significant in their particular situation.
It is possible to assign each score a corresponding qualitative rating based on a defined scale.


This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 19 Dec 2023 09:15:14 +0000

