Zoom Signs-Up Ex-Facebook CSO as Google Bans Platform

Zoom has brought former Facebook CSO Alex Stamos on board to bolster a new security push, as reports emerged that Google and the US Senate have told users to avoid the video conferencing platform.

As promised by CEO Eric Yuan last week, the firm has formally launched a CISO Council and Advisory Board comprising security leaders from across industries. The idea is that they’ll collaborate on new ideas to help improve security and privacy in the app.

CISOs and security leaders from HSBC, NTT Data, Procore, Ellie Mae, VMware, Netflix, Uber, Electronic Arts and others are already lined up.

Separately, former Facebook and Yahoo CSO, Alex Stamos, has joined Zoom as an outside adviser. Stamos had been vocal on Twitter about the challenges facing the firm and observed in a post announcing his move that Zoom has some very difficult problems to solve going forward.

“As I told the computer science students in my Trust and Safety Engineering course this last quarter (the last two weeks of which were taught over, yes, Zoom) coding flaws and cryptographic issues are important, but the vast majority of real technological harm to individuals comes from people using products in a technically correct but harmful manner,” he explained.

“Zoom has some important work to do in core application security, cryptographic design and infrastructure security, and I’m looking forward to working with Zoom’s engineering teams on those projects.”

In the meantime, several more big-name users have come out against the video conferencing app. Reports claim that Google is preventing its employees from using the Zoom desktop client over security concerns, whilst the US Senate is also urging members not to use it.

They join the likes of SpaceX, NASA, the UK’s Ministry of Defence, New York school districts and the Taiwanese government.

Zoom has been hit by a spate of incidents over recent weeks, including critical vulnerabilities discovered in its platform, encryption failings, poor default settings that exposed user meetings to disruption and eavesdropping, and privacy issues.    

Yuan said he is instituting a “feature freeze” while all engineering resources are diverted to security and privacy.

What’s Hot on Infosecurity Magazine?