Zoom is getting torn apart. That’s not a bad thing. Very, very few enterprise tools get the attention of world-class researchers. Even premier applications by huge companies go unexamined because of the difficulty of obtaining and installing them. Plenty of Tier0 stuff written in C in 2007.
The historical ethics of Zoom’s product leadership have been much more concerning than even the valid technical criticism.
It’s the human element that’s hard to test. Maybe now, things will be different.
If I were a state-level actor, I wouldn’t be looking for vulns in Windows. There are stupid amounts of visibility. Trust me, I know. Instead, I’d be decompiling every desperate attempt by a vendor with a product that punches through the DMZ, or shadow IT tools that auto-update.
Important to recognize that secure product development is regrettably not currently a very primary metric. If you point researchers at ANY normie software, they’re going to find problems. It’s like TV news swabbing shopping cart handles. Some fecal material is going to be there.
Anyway, now everyone is swabbing handlebars on Zoom’s playground, so maybe they’re going to get hardcore. Not with diluted Lysol consumer fluff. I’m talking chemicals that could stop a charging rhinoceros. Stuff that’s banned on shipments to South America because poachers use it.
Also, the stuff they’re finding with Zoom is... not instant death. Absolute depths of hell are not remotely being plumbed here.
Let security nerds handle this, go talk to your daughter who begrudgingly realizes college is not the shirking of childhood and she needs your support.
Maybe now you both can sit, look at a screen, and talk about life as peer adults, without you shying away to the “project car” that’s an excuse for your alcoholism and avoiding a long-failing relationship with the wife who gave up her postdoctoral career to raise your children.
You can follow @SwiftOnSecurity.