Zoom's Bug-Scoring System Prioritizes Riskiest Vulns for Cyber Teams


New vulnerability impact scoring system aims to help cyber defenders find threats and patch against bugs most likely to disrupt their environments.
December 14, 2023
Videoconferencing company Zoom has rolled out a new vulnerability scoring system that promises to help cybersecurity teams prioritize resources against the most dangerous threats.
Still in its 1.0 version, the Vulnerability Impact Scoring System (VISS) is an open, free-to-use framework owned by Zoom. It's intended to complement traditional CVSS scoring to determine a given vulnerability's potential impact on an organization so its cybersecurity teams can patch and defend accordingly.
"VISS analyzes 13 different aspects of impact for each vulnerability, segmented into impact groups specific to the platform, infrastructure, and data," Zoom said in a statement. "The VISS calculation produces a score ranging from 0 to 100, which can then be modified by applying the compensating controls metric."
To test the effectiveness of the new scoring system, Zoom used the VISS calculator for its own bug bounty program run through HackerOne between March and December. The number of reported critical vulnerabilities rose by 28% and high-severity reports jumped by 12%, according to a statement from the project provided to Dark Reading. In addition, the bug bounty program experienced a 57% decrease in the number of medium-severity vulnerabilities submitted over the same period.
"Developed over the past year, this project aims to enhance security measures for a safer digital landscape through our groundbreaking approach to vulnerability scoring," Zoom said in a statement. "VISS provides a user-friendly web-based UI and advanced algorithms that prioritize actual demonstrated impact over theoretical security impact possibilities."
Becky Bracken, Editor, Dark Reading

Copyright © 2023 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.
