
Every Application Fails in Unique but Predictable Ways: A Study in Zoom - joebasirico
https://rethinksecurity.io/posts/every-application-fails-in-unique-but-predictable-ways-a-study-in-zoom/
======
s17n
The main lesson to be learned from Zoom is that you can be known for shipping
insecure products and there will be absolutely no repercussions in the
marketplace. Any startup CEO who invests in security is failing at their job.

~~~
meowface
It probably also helps if you're already at the top and have a product people
generally like and prefer to the competition. Something like this could
possibly kill a company before they get off the ground. But once they're
established and everywhere, it takes a whole lot for users to care enough to
stop using something they otherwise don't have strong issues with.

It also helps if there's a tangible issue that end users actually see or feel.
Zoombombing is an example, but it's easily prevented (unless there's an
internal collaborator on the call intentionally leaking the meeting ID and
password), and they can do various things to address that.

Other examples would be some sort of worm infecting computers through the Zoom
client, or direct evidence that any stranger could've been or was spying on
_their_ calls undetected (rather than the more abstract China routing and E2E
issues).

