CyberSecurityBoard
Sponsor Register Login

Zoom Unveils Open Source Vulnerability Impact Scoring System

Video conferencing giant Zoom on Thursday unveiled an open source vulnerability impact scoring system that it has been developing for the past year.
The Vulnerability Impact Scoring System, or VISS, is a customizable framework that provides a web-based user interface and algorithms to help organizations assess and prioritize vulnerabilities based on actual demonstrated exploitation rather than theoretical impact.
The company says VISS aims to complement the widely used Common Vulnerability Scoring System, helping enhance incident response capabilities.
Zoom has been testing the system within its bug bounty program since March and said the use of VISS has led to an increase in reports describing critical and high-severity vulnerabilities, with researchers investing more time and energy to demonstrate the practicality of their exploits.
VISS analyzes vulnerabilities based on 13 impact aspects focusing on platform, infrastructure and data.
The severity of impact is shown by a numerical score ranging from 0 to 100, which is also influenced by a 'compensating controls' metric, which enables the user to specify the existence of compensating security controls that would mitigate exploitation.
It remains to be seen how widely VISS gets adopted by organizations.
The fact that it has been developed by a commercial organization could lower its chances of being widely used.
There are several other vulnerability scoring and classification systems, including Stakeholder-Specific Vulnerability Categorization, Exploit Prediction Scoring System, and Tenable's Vulnerability Priority Rating.
While they are being used to some extent, they seem unlikely to replace or be widely used alongside CVSS, which has been the industry standard for many years.
CVSS has some issues, including subjectivity, narrow scope, and improper representation of real-world risks.
The recently launched CVSS 4.0 aims to address some of these limitations.
On the other hand, the general consensus seems to be that CVSS should not be used on its own to score risk or prioritize vulnerability patching.


This Cyber News was published on www.securityweek.com. Publication date: Fri, 15 Dec 2023 13:58:05 +0000


Cyber News related to Zoom Unveils Open Source Vulnerability Impact Scoring System

Zoom flaw enabled hijacking of accounts with access to meetings, team chat - A Zoom flaw that enabled the hijacking of service accounts with access to potentially confidential information was disclosed by bug hunters this week. The vulnerability in the Zoom Rooms feature mostly affected Zoom tenants using email addresses from ...
1 year ago Packetstormsecurity.com Rocke Hunters
CVE-2021-34423 - A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for ...
2 years ago
CVE-2021-34424 - A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune ...
2 years ago
Zoom Unveils Open Source Vulnerability Impact Scoring System - Video conferencing giant Zoom on Thursday unveiled an open source vulnerability impact scoring system that it has been developing for the past year. The Vulnerability Impact Scoring System, or VISS, is a customizable framework that provides a ...
1 year ago Securityweek.com
Zoom launches Open-source Vulnerability Impact Scoring System - Zoom, the popular video conferencing platform, has recently announced the launch of its Open-Source Vulnerability Impact Scoring System. This system is designed to provide a standardized method for evaluating the impact of vulnerabilities discovered ...
1 year ago Cybersecuritynews.com Equation
Zoom Mobile & Desktop App Flaw Let Attackers Escalate Privileges - The popular video conferencing software Zoom has security issues with its desktop and mobile apps that could allow for privilege escalation. An attacker may be able to obtain elevated privileges within the application or the operating system by ...
1 year ago Cybersecuritynews.com CVE-2023-43583 CVE-2023-43585 CVE-2023-43586 CVE-2023-36540 CVE-2023-36541 CVE-2023-36534 CVE-2023-39216 CVE-2023-39213
Open Source Password Managers: Overview, Pros & Cons - There are many proprietary password managers on the market for those who want an out-of-the box solution, and then there are open source password managers for those wanting a more customizable option. In this article, we explain how open source ...
1 year ago Techrepublic.com
Global Zoom Outage Caused by Server Block Imposed from GoDaddy Registry - The disruption, which began at 11:25 AM PDT and was resolved by 1:12 PM PDT, was traced not to a cyberattack or internal technical failure, but to a server block imposed by GoDaddy Registry the manager of the .us top-level domain after a ...
4 days ago Cybersecuritynews.com
Are the Fears about the EU Cyber Resilience Act Justified? - "The draft cyber resilience act approved by the Industry, Research and Energy Committee aims to ensure that products with digital features, e.g. phones or toys, are secure to use, resilient against cyber threats and provide enough information about ...
1 year ago Securityboulevard.com
Are the Fears About the EU Cyber Resilience Act Justified? - On Wednesday, July 19, the European Parliament voted in favor of a major new legal framework regarding cybersecurity: the Cyber Resilience Act. The act enters murky waters when it comes to open-source software. It typically accounts for 70% to 90% of ...
1 year ago Feeds.dzone.com
Zoom Launches AI Companion, Available at No Additional Cost - Zoom has pledged to provide artificial intelligence functions on its video-conferencing platform at no additional cost to paid clients. The tech firm believes that including these extra features as part of its paid platform service will provide a ...
1 year ago Cysecurity.news
Zoom's Bug-Scoring System Prioritizes Riskiest Vulns for Cyber Teams - Videoconferencing company Zoom has rolled out a new vulnerability scoring system that promises to help cybersecurity teams prioritize resources against the most dangerous threats. Still in its 1.0 version, the Vulnerability Impact Scoring System is ...
1 year ago Darkreading.com
Launching Your First Open Source Project - I've been deeply immersed in the world of developer products for the past decade, and let me tell you, I've been quite an open-source enthusiast. Over the years, I've had the pleasure of shepherding open-source projects of all shapes and sizes. ...
1 year ago Feeds.dzone.com Cactus
Zoom stomps critical privilege escalation bug, 6 other flaws The Register - Review and manage your consent Here's an overview of our use of cookies, similar technologies and how to manage them. Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a ...
1 year ago Go.theregister.com CVE-2024-24691 CVE-2024-24690 CVE-2024-24695 CVE-2024-24696 CVE-2024-24697 CVE-2024-24698 CVE-2024-24699
Zoom Workplace Apps Vulnerability Let Attackers Inject Malicious Script - The vulnerabilities, detailed in Zoom Security Bulletin ZSB-25013, affect a wide range of Zoom Workplace applications, including desktop apps for Windows, macOS, and Linux and mobile apps for iOS and Android. Multiple null pointer dereference ...
2 weeks ago Cybersecuritynews.com CVE-2025-30670
Wazuh: Building robust cybersecurity architecture with open source tools - Building a cybersecurity architecture requires organizations to leverage several security tools to provide multi-layer security in an ever-changing threat landscape. Leveraging open source tools and solutions to build a cybersecurity architecture ...
1 year ago Bleepingcomputer.com
Wazuh: Building robust cybersecurity architecture with open source tools - Building a cybersecurity architecture requires organizations to leverage several security tools to provide multi-layer security in an ever-changing threat landscape. Leveraging open source tools and solutions to build a cybersecurity architecture ...
1 year ago Bleepingcomputer.com
Hackers abuse Zoom remote control feature for crypto-theft attacks - A hacking group dubbed 'Elusive Comet' targets cryptocurrency users in social engineering attacks that exploit Zoom's remote control feature to trick users into granting them access to their machines. "For organizations handling particularly ...
15 hours ago Bleepingcomputer.com
Weekly Vulnerability Recap 2/19/2024: News from Microsoft, Zoom, SolarWinds - While this week was a little light on vulnerability news, it's still been significant, with Microsoft's Patch Tuesday happening as well as updates for major products, like Zoom. Akira ransomware vulnerabilities have also surfaced in older Cisco ...
1 year ago Esecurityplanet.com CVE-2024-21412 CVE-2020-3259 Akira
How Servicenow Detects Open Source Security Vulnerabilities - Servicenow, a digital workflow company, recently announced their integration with Synk, an open source security platform, to detect security vulnerabilities in open source software. This integration will enable Servicenow customers to detect and ...
2 years ago Csoonline.com
CVE Prioritizer: Open-source tool to prioritize vulnerability patching - CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA's KEV catalog to offer insights into the probability of exploitation and the potential effects of ...
1 year ago Helpnetsecurity.com
Zoom Team Chat Decrypted to Uncover User Activities - As remote work continues to be standard practice, understanding the security architecture of communication platforms like Zoom becomes increasingly crucial for maintaining organizational data protection. Zoom Team Chat employs a sophisticated ...
1 month ago Cybersecuritynews.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov
SiCat: Open-source exploit finder - SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases. Its primary aim is to assist in cybersecurity, enabling users to search the internet for potential ...
1 year ago Helpnetsecurity.com
Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
1 year ago Cisa.gov CVE-2023-48842 CVE-2023-43089 CVE-2023-39226 CVE-2023-46690 CVE-2023-47207 CVE-2023-46886 CVE-2023-48882 CVE-2023-49656 CVE-2023-28896 CVE-2023-48016 CVE-2023-49092 CVE-2023-2266 CVE-2023-2267 CVE-2023-31177 CVE-2023-34388 CVE-2023-34389 CVE-2023-48848 CVE-2023-4398

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)