Zooms Bug-Scoring System Prioritizes Riskiest Vulns for Cyber Teams

New vulnerability impact scoring system aims to help cyber defenders find threats and patch against bugs most likely to disrupt their environments.

Videoconferencing company Zoom has rolled out a new vulnerability scoring system that promises to help cybersecurity teams prioritize resources against the most dangerous threats.
Still in its 1.0 version, the Vulnerability Impact Scoring System (VISS) is an open, free-to-use framework owned by Zoom. Its intended to complement traditional
CVSS scoring
to determine a given vulnerabilitys potential impact on an organization so its
cybersecurity teams can patch
and defend accordingly.
VISS analyzes 13 different aspects of impact for each vulnerability, segmented into impact groups specific to the platform, infrastructure, and data, Zoom said in a statement. The VISS calculation produces a score ranging from 0 to 100, which can then be modified by applying the compensating controls metric.
To test the effectiveness of the new scoring system, Zoom used the
VISS calculator
for its own bug bounty program run through HackerOne between March and December. The rise in the number of reported critical vulnerabilities rose by 28% and high-severity reports jumped by 12%, according to a statement from the project provided to Dark Reading. In addition, the bug bounty program experienced a 57% decrease in the number of medium severity vulnerabilities submitted over the same period.
Developed over the past year, this project aims to enhance security measures for a safer digital landscape through our groundbreaking approach to vulnerability scoring,
Zoom said
in a statement. VISS provides a user-friendly web-based UI and advanced algorithms that prioritize actual demonstrated impact over theoretical security impact possibilities.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Zooms Bug-Scoring System Prioritizes Riskiest Vulns for Cyber Teams