Videoconferencing firm Zoom has rolled out a new vulnerability scoring system that promises to help cybersecurity teams prioritize resources toward the most dangerous threats.
Still in its 1.0 version, the Vulnerability Impact Scoring System (VISS) is an open, free-to-use framework owned by Zoom. It is intended to enhance conventional CVSS scoring to determine a given vulnerability’s potential impact on an organization so its cybersecurity teams can patch and defend accordingly.
“VISS analyzes 13 different aspects of impact for each vulnerability, segmented into impact groups specific to the platform, infrastructure, and data,” Zoom said in a statement. “The VISS calculation produces a score ranging from 0 to 100, which can then be modified by applying the compensating controls metric.”
To test the effectiveness of the new scoring system, Zoom used the VISS calculator for its own bug bounty program run through HackerOne between March and December. The number of reported critical vulnerabilities rose by 28% and high-severity reports jumped by 12%, according to a statement from the project provided to Dark Reading. In addition, the bug bounty program experienced a 57% decrease in the number of medium-severity vulnerabilities submitted over the same period.
“Developed over the past year, this project aims to enhance security measures for a safer digital landscape through our groundbreaking approach to vulnerability scoring,” Zoom said in a statement. “VISS provides a user-friendly web-based UI and advanced algorithms that prioritize actual demonstrated impact over theoretical security impact possibilities.”