Zoom launches an open source Vulnerability Impact Scoring System (VISS) tested within its bug bounty program.

SecurityWeek is a platform or publication dedicated to cybersecurity news, analysis, and insights for professionals and enthusiasts. Readers can learn about threat intelligence, security vulnerabilities, and defensive strategies. With articles, reports, and expert commentary, SecurityWeek keeps readers informed and up-to-date on the latest developments in cybersecurity.

SecurityWeek

Zoom has unveiled an open source Vulnerability Impact Scoring System (VISS) that aims to complement the widely used Common Vulnerability Scoring System (CVSS). VISS analyzes vulnerabilities based on actual demonstrated exploitation and provides a customizable framework to help organizations assess and prioritize vulnerabilities. While CVSS has been the industry standard for many years, there are limitations to its subjectivity, narrow scope, and improper representation of real-world risks. However, the recently launched CVSS 4.0 aims to address some of these limitations. Zoom has been testing VISS within its bug bounty program and has seen an increase in reports describing critical and high-severity vulnerabilities.

Zoom Unveils Open Source Vulnerability Impact Scoring System