JLLeitschuh / zoom_vulnerability_poc

MIT License

Would it be better to do security research on Jami? #1

Open ovari opened 5 years ago

ovari commented 5 years ago

Zoom defends use of local web server on Macs after security report

After his experience with Zoom, Leitschuh recommended that researchers do not report vulnerabilities to the vendor, and instead use the Zero Day Initiative.

Would it be better to do security research on Jami? https://git.jami.net/

What do you think?

Thank you

JLLeitschuh commented 5 years ago

Not quite sure I understand the question.

ovari commented 5 years ago

Is Jami a viable replacement for Zoom?

Zoom's source code is closed. This has led to undisclosed vulnerabilities. There can also be more undisclosed vulnerabilities that cannot be easily found by security researchers like yourself.

Jami's source code is free and open. It is understood the source code is here: https://git.jami.net/

Can you please audit the code and search for vulnerabilities in Jami?

Thank you

JLLeitschuh commented 5 years ago

The reason that I found the vulnerability in Zoom is because my company and I are users of Zoom. I'm happy to provide guidance if other people want to audit the source code of projects like Jami.

My research tends to focus on build infrastructure and the software supply chain. If you think you've found a vulnerability and want some suggestions on how to follow up, feel free to PM me on Twitter.