To address complex threats in today’s cybersecurity landscape, we’ve taken a comprehensive approach to securing the Zoom platform. This includes staffing up our offensive and defensive security teams and building out robust education and training resources on our Trust Center and Learning Center.
To complement those efforts, Zoom recently partnered with MITRE Engenuity, MITRE’s tech foundation for public good, to better understand the most common and critical weaknesses that affect online video collaboration tools. As a part of this research, the Engenuity team in 2021 reviewed Zoom’s core source code, which includes our Zoom for Government offering.
A few key aspects of the review process included:
- A dedicated research environment for MITRE Engenuity team members to protect the confidentiality of our source code while under review.
- Continuous support from our internal security and engineering teams to MITRE Engenuity throughout the process to help streamline the review.
- Static analysis and manual inspection of source code in an attempt to find weaknesses or bugs.
As a byproduct of this partnership, Zoom was able to strengthen its security posture and correct a number of weaknesses that had been previously unknown.
If proper testing is not conducted (e.g., automated static code analysis and manual code inspection), then a variety of software weakness types will persist past development and exist within a given video collaboration tool’s codebase.
Zoom proactively focused on their security and engaged with a neutral collaborator in the cybersecurity industry such as MITRE Engenuity; this is something we recommend for others to pursue.Drew Buttner, Principal Cybersecurity Engineer, MITRE Engenuity
MITRE Engenuity’s research is in the public interest and does not qualify as an endorsement of any third-party technology.
At Zoom, we’re always focused on new ways to raise the bar for our platform’s security and the Zoom experience as a whole.
To learn more about Zoom privacy and security, explore our Trust Center.