Video-conferencing platform Zoom on Thursday said that it has awarded $1.8 million to researchers who submitted bug bounty reports over 2021.
Private bug bounty programmes are invitation-only, which allows companies to hand-pick security researchers, based on their previous work.
“While Zoom tests our solutions and infrastructure every day, we know it is important to augment this testing by tapping the ethical hacker community to help identify edge-case vulnerabilities that may only be detectable under certain use cases and circumstances,” the company said in a statement.
“That is why Zoom has invested in a skilled, global team of security researchers via a private bug bounty programme on HackerOne’s platform, which is the industry’s leading provider for recruiting and engaging with security-focused professionals,” it added.
HackerOne calculates statistics for each researcher based on their signal-to-noise ratio, impact on the programs they have contributed to, and reputation, all of which help measure how relevant and actionable their findings will be.
Zoom said it has recruited over 800 security researchers on the HackerOne platform and their collective work has resulted in the submission of numerous bug reports, and awards of over $2.4 million in bounty payments, swag and gifts since the programme was introduced.