Zoom Seeks External Help to Fix Security Bugs

Former Facebook and Yahoo security boss signs up hoping to fix the privacy issues that the video conferencing company faces

 

When a company grows from ten million to 200 million users in a matter of weeks, there is bound to be chaos. And describing the current predicament of videoconferencing company Zoom as such might be an understatement, given that companies and countries are banning it, rivals are providing quick-fix solutions and credibility is at stake.

Zoom CEO Eric Yuan decided that managing these challenges at the top wasn’t his cup of tea anymore and thus sent an SOS to Alex Stamos, the hotshot former chief security officer of Yahoo and Facebook, asking him to join the company as an external security consultant. And, in a blog post published on Medium, Stamos agreed.

And why Stamos? Well, Zoom detractors would be quick to point out that it could be the result of Stamos having defended Zoom on Twitter following the criticism that it copped in the media for a series of privacy-related issues that stemmed from the absence of properly drafted security sign-ups and an unfortunate statement about end-to-end encryption.

In a series of tweets on April 1, Stamos said: “This is going to get worse, as the entire infosec world descends on a spectacularly complicated product with lots of attack surface and some sketchy design trade-offs. An opportunity for a trust turnaround.”

Stamos described the issues as shallow bugs while suggesting that Zoom would need to demonstrate more transparency, including putting a security face to all of these responses. And from Yuan’s point of view, what better face could he think of to take on his detractors than that of Alex Stamos?

Having said so, Stamos went on to define in his tweet what the company’s plan should be. “A documented 30-day security plan that includes a feature freeze, several professional pen-tests and rolling out coordinated disclosure policies would be smart,” he said, and what followed was the announcement of a feature freeze by Eric Yuan.

His blog post suggests that Stamos would serve in a guiding role to help the company stave off disaster as the world continues to work from home, a situation that necessarily means good business for Zoom and its ilk. From Yuan’s perspective, he too would like a product that’s safe and bug-free to use.

"Zoom has some important work to do in core application security, cryptographic design and infrastructure security, and I'm looking forward to working with Zoom's engineering teams on those projects," Stamos says.

And Yuan couldn’t hide his enthusiasm at this development. “We are thrilled to have Alex on board,” he wrote in a blog post, adding that the former Facebook CSO was indeed a fan of their platform and would help Zoom implement controls and practices that are best-in-class.

Stamos quit Facebook in 2018 and has since been working as Director of the Stanford Internet Observatory with a team that brings forth reports on disinformation campaigns carried out on various social networks.

Zoom also went ahead and announced a CSO council and an advisory board that comprises cybersecurity leaders from other companies.

"Within our CISO Council, we are establishing an Advisory Board that will include a subset of CISOs who will act as advisors to me personally," Yuan said. This group will enable me to be a more effective and thoughtful leader and will help ensure that privacy and security are at the forefront of everything we do at Zoom. The initial members of our Advisory Board will include security leaders from VMware, Netflix, Uber, Electronic Arts, and others."

Looks like Zoom is all set to zoom ahead with the unexpected manna that the Covid-19 pandemic brought in its wake.

