Zoom's Bug-Scoring System Prioritizes Riskiest Vulns for Cyber Teams

Videoconferencing company Zoom has rolled out a new vulnerability scoring system that promises to help cybersecurity teams prioritize resources against the most dangerous threats.
Still in its 1.0 version, the Vulnerability Impact Scoring System is an open, free-to-use framework owned by Zoom.
It's intended to complement traditional CVSS scoring to determine a given vulnerability's potential impact on an organization so its cybersecurity teams can patch and defend accordingly.
To test the effectiveness of the new scoring system, Zoom used the VISS calculator for its own bug bounty program run through HackerOne between March and December.
The rise in the number of reported critical vulnerabilities rose by 28% and high-severity reports jumped by 12%, according to a statement from the project provided to Dark Reading.
The bug bounty program experienced a 57% decrease in the number of medium severity vulnerabilities submitted over the same period.


This Cyber News was published on www.darkreading.com. Publication date: Thu, 14 Dec 2023 14:00:20 +0000


Cyber News related to Zoom's Bug-Scoring System Prioritizes Riskiest Vulns for Cyber Teams