Zoom CEO says 90-day privacy pledge just a first step
Zoom CEO Eric Yuan has announced to double down on the efforts to bring meaningful change to its video meet app after the 90-day pledge ended, saying the company would put mechanisms in place to make sure that security and privacy remain a priority in each phase of its product and feature development.
Bogged down by numerous privacy and security issues in March, Zoom took a 90-day pledge on April 1 to make a number of enhancements to address security and privacy.
“We cannot and will not stop here. Privacy and security are ongoing priorities for Zoom, and this 90-day period – while fruitful – was just a first step,” said Yuan.
“This period has brought about meaningful change at our company and made the safety, privacy, and security of our platform central to all we do, as we strive to be worthy of the trust customers place in us,” Yuan said in a statement on Wednesday.
In the three-month period, the company has launched nearly 100 features including Zoom 5.0 with enhanced security and privacy tools, AES 256 GCM encryption (available to all users, free and paid), UI updates (Security icon, green encryption shield with data center location click through) and others.
The company also acquired secure messaging and file-sharing service Keybase and started building end-to-end encryption for all users, free and paid.
“We have made significant progress defining the framework and approach for a transparency report that details information related to requests Zoom receives for data, records, or content. We look forward to providing the fiscal Q2 data in our first report later this year,” said Yuan.
The company has developed a Central Bug Repository and related workflow processes.
This repository takes vulnerability reports from HackerOne, Bugcrowd, and email@example.com (the latter of which does not require an NDA) triaged through Praetorian.
Zoom is committed to continuous third-party penetration tests as a foundation of its security programme, said Yuan.