Educause Security Discussion mailing list archives

Zoom - Penetration Test

From: "Clark, Sean (OIT)" <Sean.Clark () UCDENVER EDU>
Date: Fri, 23 Sep 2016 18:01:48 +0000

We are looking to use Zoom for highly confidential data and are asking them, per our usual process for evaluating cloud 
services for security and complaince, to provide us with evidence of a third party penetration test, and appropriate 
remediation.  Zoom has refused to perform a pen test or provide evidence that a pen test (and remediation) has been 
performed, but they have said that some of the organizations that use their product have performed pen tests of their 
app.

Have any of you performed a pen test of the Zoom app, or seen evidence of such?

Sean Clark
Information Security Officer
Director of IT Security and Compliance
Office of Information Technology
CU Denver | CU Anschutz
Sean.Clark () UCDenver edu<mailto:Sean.Clark () UCDenver edu>
303-724-0486

Current thread:

Zoom - Penetration Test Clark, Sean (OIT) (Sep 23)
- Re: Zoom - Penetration Test Paul B. Henson (Sep 24)
- Re: Zoom - Penetration Test Nicholas Garigliano (Sep 26)
  - Re: Zoom - Penetration Test Shankar, Anurag (Sep 26)
- <Possible follow-ups>
- Re: Zoom - Penetration Test Shankar, Anurag (Sep 23)