Zoom’s Bug-Scoring System Prioritizes Riskiest Vulns for Cyber Teams

December 14, 2023 at 09:03AM

Zoom has introduced a new Vulnerability Impact Scoring System (VISS) to help cybersecurity teams prioritize threats. It analyzes 13 impact aspects, produces a 0-100 score, and can be adjusted using compensating controls. In testing, critical vulnerabilities increased by 28%, while medium-severity ones decreased by 57%. Zoom aims to enhance security with VISS.

Zoom's new Vulnerability Impact Scoring System (VISS) is intended to help cybersecurity teams prioritize resources against potential threats. VISS is designed to work alongside traditional CVSS scoring and assesses 13 different aspects of impact for each vulnerability, producing a score ranging from 0 to 100. Zoom used the VISS calculator for its own bug bounty program and saw a rise in reported critical vulnerabilities and high-severity reports, and a decrease in medium-severity vulnerabilities. The aim is to enhance security measures and to provide a user-friendly web-based UI and advanced algorithms for prioritizing actual demonstrated impact.
