As Zoom CEO Eric S. Yuan mentioned in his blog posts on  April 1 and April 8, we are in the midst of a 90-day plan to improve our security and privacy, and most of all, build greater trust with our users. 

To that end, and as discussed on Eric’s April 15 webinar, I’m excited to highlight another essential security partner in helping us get there — Luta Security. 

Luta Security to help reboot Zoom’s bug bounty program

Luta Security, the recognized, global leader in creating robust vulnerability disclosure and bug bounty programs, has signed on to help us reboot Zoom’s bug bounty program. 

Luta Security was founded by Katie Moussouris. Katie created some of the most important vulnerability programs still running today. She started Microsoft Vulnerability Research and Symantec Vulnerability Research, started Microsoft’s bug bounties, as well as the Pentagon’s. Katie has testified as an expert on bug bounties and the labor market for security research for the U.S. Senate, and has also been called upon for European Parliament hearings on dual-use technology. She was later invited by the U.S. State Department to help renegotiate the Wassenaar Arrangement, during which she successfully helped change the export control language to include technical exemptions for vulnerability disclosure and incident response.

We are thrilled to have Katie and the Luta Security team on board. For more information on the work Luta Security has already been doing with Zoom, check out Katie’s post.

We need your help and feedback 

We’re not changing the day-to-day bug bounty operations, platforms, or rules without your input! Now’s the perfect time to get feedback directly from the researcher community. If you’ve ever reported an issue to Zoom, we want to hear about your experience. If you decided not to report an issue, we want to know why. Please send your feedback to katie.moussouris@zoom.us. 

Luta Security and Zoom will take this feedback and use it to make a world-class bug bounty program that advances our relationship with researchers and remains consistent with our commitment to protect user security. 

In the meantime, if you think you’ve found a security bug, please continue to report them to us on our security page.

We are grateful to Katie and Luta Security for their work to help make us even better. We’ll have additional updates on this front in the coming weeks, including highlights from other world-class experts we’ve brought in to help as we continue our journey to secure and enhance Zoom’s leading video communications solutions.