This is part of a news story I received from Schwab. It seems as if it originated as a press release today from the company Secure Code Warrior, and indicates that Zoom has hired it to enhance its security. I don’t have a clue what SCW actually does and how it will help Zoom, but it obviously is part of Zoom’s overall push to greatly enhance security.
Secure Code Warrior’s ‘start left’ approach to secure coding amplifies Zoom’s commitment to software security
SYDNEY & BOSTON & LONDON - May 19, 2020 -- Global secure coding company Secure Code Warrior® today announced it had been selected by Zoom Video Communications to implement its online secure coding platform as part of Zoom’s ongoing strategy to enhance their developers’ secure coding best practices.
“With an upturn in remote working, online communication and collaboration, it is more vital than ever to ensure the software powering effective remote teams is private and secure”, said Pieter Danhieux, Secure Code Warrior Co-Founder, CEO, and Chairman. “We’re striving to assist companies all over the world in achieving industry-leading best practices by shipping secure code with confidence. It has been excellent to see Zoom’s efforts to quickly scale a first-class security program, and we’re excited to be partnering with their software engineers to further build security in their DNA.”
This will be the long security row to hoe for Zoom. You just do not pour in security to an established architecture and code base. But this is the first baby step. Changing the engineering thinking is first, followed by coding practices and code publication security review. So things have to slow down in R&D. Then comes the difficult part, the architectural hardening at the expense of new features.
Long term this is all good and will create good immunization. The short term pain will probably be significant and the CEO seems to be taking his medicine.
I don’t have a clue what SCW actually does and how it will help Zoom…
Computers and the WWW are designed as if there is no malice in the universe. Secure Code is software code that hackers and other bad actors cannot subvert. It’s a large chunk of the coding effort and it is not an add-on; it should be part of the code architecture.
Here is a video about it that will bore you to tears or put you to sleep. But it’s good! I’ve been coding for 60 years and I learned new stuff from it!
GOTO 2015 • Secure Coding Patterns • Andreas Hallberg
From Secure Code Warrior
DEFEND YOUR CODE
85% of exploited vulnerabilities are attributed to just 10 known vulnerabilities – the OWASP Top 10. Secure Code Warrior’s self-paced learning content covers over 50 different vulnerability types including OWASP Top 10. Our hands-on challenges are continuously revised and updated for new coding frameworks and vulnerability types. View full list of supported languages and vulnerabilities.
Yeah, I really get the impression that Zoom is now so high in the public consciousness, for good reasons and bad (security deficiencies), that it has a make-or-break shot at redemption.
Basically, for it to silence critics it has to produce the world’s most secure VC platform, otherwise it could be over as an enterprise play.
In the same way that Boeing really has to make the 737-800 Max the world’s safest airline, otherwise they can forget about selling another airplane of that model. If they fail they will have missed the chance, in the way that Facebook has probably passed the point of no return with its trust factor, and no amount of whiter-than-white behaviour is going to make them trustworthy, or at least from a mission-critical enterprise perspective.